From cd636fc28f035b5cf7ff41dd8742fb2f46dcd313 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Tue, 9 Aug 2016 11:43:09 +0200 Subject: [PATCH 001/102] Update --- vulnerabilities.csv | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 95cbb61..8d4cc4b 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -310,23 +310,23 @@ 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"BUGTRAQ:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded | FULLDISC:20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE | URL:http://seclists.org/fulldisclosure/2015/Apr/5 | MISC:http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; 5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; @@ -367,9 +367,9 @@ 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150320);"None (candidate not yet proposed)"; -5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937";Assigned (20150410);"None (candidate not yet proposed)"; -6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937";Assigned (20150410);"None (candidate not yet proposed)"; +5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1";Assigned (20150624);"None (candidate not yet proposed)"; From bb6b7ca62363b69ba3211b43ba094f005fde45f4 Mon Sep 17 00:00:00 2001 From: Sergei A Mamonov Date: Tue, 27 Dec 2016 13:16:17 +0300 Subject: [PATCH 002/102] Disable zero prototypes in few functions --- mysqltuner.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index abb71ed..0ab8d02 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1312,7 +1312,7 @@ sub get_os_release { return "Unknown OS release"; } -sub get_fs_info() { +sub get_fs_info { my @sinfo = `df -P | grep '%'`; my @iinfo = `df -Pi| grep '%'`; shift @iinfo; @@ -1370,7 +1370,7 @@ sub merge_hash { return \%result; } -sub is_virtual_machine() { +sub is_virtual_machine { my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; return ( $isVm == 0 ? 0 : 1 ); } @@ -1402,7 +1402,7 @@ sub infocmd_one { return join ', ', @result; } -sub get_kernel_info() { +sub get_kernel_info { my @params = ( 'fs.aio-max-nr', 'fs.aio-nr', 'fs.file-max', 'sunrpc.tcp_fin_timeout', @@ -1453,7 +1453,7 @@ sub get_kernel_info() { } -sub get_system_info() { +sub get_system_info { $result{'OS'}{'Release'} = get_os_release(); infoprint get_os_release; if (is_virtual_machine) { From a30c941edad1a6a894749c3b5a5d5cb04b0d2905 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 27 Dec 2016 17:53:46 +0100 Subject: [PATCH 003/102] Update vulnerabilities list --- vulnerabilities.csv | 298 +++++++++++++++++++++++--------------------- 1 file changed, 153 insertions(+), 145 deletions(-) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index f604d2a..c94401a 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -310,135 +310,135 @@ 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; -5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77232 | URL:http://www.securityfocus.com/bid/77232";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77171 | URL:http://www.securityfocus.com/bid/77171";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77171 | URL:http://www.securityfocus.com/bid/77171";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:77216 | URL:http://www.securityfocus.com/bid/77216";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77165 | URL:http://www.securityfocus.com/bid/77165";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77165 | URL:http://www.securityfocus.com/bid/77165";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77222 | URL:http://www.securityfocus.com/bid/77222";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77222 | URL:http://www.securityfocus.com/bid/77222";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | BID:77134 | URL:http://www.securityfocus.com/bid/77134";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | BID:77196 | URL:http://www.securityfocus.com/bid/77196";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | BID:77196 | URL:http://www.securityfocus.com/bid/77196";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77237 | URL:http://www.securityfocus.com/bid/77237";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77237 | URL:http://www.securityfocus.com/bid/77237";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77228 | URL:http://www.securityfocus.com/bid/77228";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77228 | URL:http://www.securityfocus.com/bid/77228";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77170 | URL:http://www.securityfocus.com/bid/77170";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77190 | URL:http://www.securityfocus.com/bid/77190";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77190 | URL:http://www.securityfocus.com/bid/77190";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77145 | URL:http://www.securityfocus.com/bid/77145";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77145 | URL:http://www.securityfocus.com/bid/77145";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77137 | URL:http://www.securityfocus.com/bid/77137";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77137 | URL:http://www.securityfocus.com/bid/77137";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:77147 | URL:http://www.securityfocus.com/bid/77147";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | BID:77187 | URL:http://www.securityfocus.com/bid/77187";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | BID:77187 | URL:http://www.securityfocus.com/bid/77187";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77132 | URL:http://www.securityfocus.com/bid/77132";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77208 | URL:http://www.securityfocus.com/bid/77208";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77208 | URL:http://www.securityfocus.com/bid/77208";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | BID:77140 | URL:http://www.securityfocus.com/bid/77140";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | BID:77140 | URL:http://www.securityfocus.com/bid/77140";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:77231 | URL:http://www.securityfocus.com/bid/77231";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77136 | URL:http://www.securityfocus.com/bid/77136";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77219 | URL:http://www.securityfocus.com/bid/77219";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:77234 | URL:http://www.securityfocus.com/bid/77234";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77153 | URL:http://www.securityfocus.com/bid/77153";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | BID:77153 | URL:http://www.securityfocus.com/bid/77153";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; +5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77216 | URL:http://www.securityfocus.com/bid/77216 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77170 | URL:http://www.securityfocus.com/bid/77170 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77147 | URL:http://www.securityfocus.com/bid/77147 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77132 | URL:http://www.securityfocus.com/bid/77132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77231 | URL:http://www.securityfocus.com/bid/77231 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77219 | URL:http://www.securityfocus.com/bid/77219 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.28;5;6;28;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; 2.17.1;2;17;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; 10.0.22;10;0;22;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; 2.21.2;2;21;2;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -5.4.43;5;4;43;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669";Assigned (20160331);"None (candidate not yet proposed)"; -5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; -5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; -5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; -10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; -10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066";Assigned (20151209);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | BID:81810 | URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; -10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | BID:81810 | URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; -10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | BID:81810 | URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | BID:81810 | URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | BID:81810 | URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | BID:81810 | URL:http://www.securityfocus.com/bid/81810";Assigned (20160122);"None (candidate not yet proposed)"; +5.4.43;5;4;43;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; @@ -451,8 +451,8 @@ 5.7.12;5;7;12;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; 10.0.25;10;0;25;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; 10.1.14;10;1;14;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html";Assigned (20160317);"None (candidate not yet proposed)"; -3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html";Assigned (20160317);"None (candidate not yet proposed)"; +3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; +3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; @@ -463,9 +463,9 @@ 10.1.15;10;1;15;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93670 | URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; @@ -506,22 +506,16 @@ 10.1.14;10;1;14;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-5616;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5616;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5616;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-5617;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5617;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5617;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93617 | URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; 5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93662 | URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; 5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93684 | URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; @@ -536,11 +530,25 @@ 10.1.17;10;1;17;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; 5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.52;5;5;52;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.33;5;6;33;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.15;5;7;15;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +8.0.1;8;0;1;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.28;10;0;28;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.18;10;1;18;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; 7.0.11;7;0;11;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; 5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93745 | URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; From e454b30c61c6d6f74badee0851b6c991dc939187 Mon Sep 17 00:00:00 2001 From: git001 Date: Wed, 28 Dec 2016 10:52:33 +0100 Subject: [PATCH 004/102] Fix Argument "NULL" isn't numeric Argument "NULL" isn't numeric in numeric ge (>=) at ./mysqltuner.pl line 305 (#1) (W numeric) The indicated string was fed as an argument to an operator that expected a numeric value instead. If you're fortunate the message will identify which operator was so unfortunate. --- mysqltuner.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index 0ab8d02..b93faca 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -302,6 +302,9 @@ sub infoprinthcmd { # Calculates the parameter passed in bytes, then rounds it to one decimal place sub hr_bytes { my $num = shift; + return "0B" unless defined($num) ; + return "0B" if $num eq "NULL" ; + if ( $num >= ( 1024**3 ) ) { #GB return sprintf( "%.1f", ( $num / ( 1024**3 ) ) ) . "G"; } From def15c2f8ff282e2450cb95441f9de3164c0fd06 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 13 Jan 2017 12:23:05 +0100 Subject: [PATCH 005/102] Adding recommandations for Galera --- mysqltuner.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index b93faca..848865d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5039,6 +5039,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" else { badprint "There are $nbNodesSize nodes in wsrep_cluster_size. Prefer 3 or 5 nodes architecture."; + push @generalrec, "Prefer 3 or 5 nodes architecture."; } # wsrep_cluster_address doesn't include garbd nodes From 06830661cafb2b77b356a54b6ace9207f0314f58 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Mon, 23 Jan 2017 17:16:06 +0100 Subject: [PATCH 006/102] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index a223b03..dba3ec3 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,12 @@ MySQL in other areas. **Seriously - please review the FAQ section below.** + +Security recommandations +-- + +Hi directadmin user! We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery! Read link for more details. + What MySQLTuner is checking exactly ? -- All checks done by **MySQLTuner** are documented in [MySQLTuner Internals](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) documentation. From 738672b1c4e000ac9095756b6fc9ceb5d9b4bdd1 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Mon, 23 Jan 2017 17:17:31 +0100 Subject: [PATCH 007/102] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dba3ec3..c836b5e 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,9 @@ MySQL in other areas. Security recommandations -- -Hi directadmin user! We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery! Read link for more details. +Hi directadmin user! +We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery! +Read link for more details[Issue #289](https://github.com/major/MySQLTuner-perl/issues/289). What MySQLTuner is checking exactly ? -- From 67e78592da23cc1d57745d94f7e975d0dd8eef9f Mon Sep 17 00:00:00 2001 From: root Date: Mon, 23 Jan 2017 17:32:47 +0100 Subject: [PATCH 008/102] #285 Argument "xxxM" isn t numeric in numeric ge (>=) --- mysqltuner.pl | 21 ++- vulnerabilities.csv | 406 ++++++++++++++++++++++---------------------- 2 files changed, 223 insertions(+), 204 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 848865d..a761494 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -319,6 +319,25 @@ sub hr_bytes { } } +sub hr_raw { + my $num = shift; + return "0" unless defined($num) ; + return "0" if $num eq "NULL" ; + if ($num =~ /^(\d+)G$/) { + return $1 * 1024* 1024* 1024; + } + if ($num =~ /^(\d+)M$/) { + return $1 * 1024* 1024; + } + if ($num =~ /^(\d+)K$/) { + return $1 * 1024; + } + if ($num =~ /^(\d+)$/) { + return $1; + } + return $num; +} + # Calculates the parameter passed in bytes, then rounds it to the nearest integer sub hr_bytes_rnd { my $num = shift; @@ -4918,7 +4937,7 @@ sub get_wsrep_options { } sub get_gcache_memory { - my $gCacheMem = get_wsrep_option('gcache.size'); + my $gCacheMem = hr_raw(get_wsrep_option('gcache.size')); return 0 unless defined $gCacheMem and $gCacheMem ne ''; return $gCacheMem; diff --git a/vulnerabilities.csv b/vulnerabilities.csv index c94401a..22c8784 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -150,13 +150,13 @@ 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.3.13;5;3;13;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.2.15;5;2;15;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.69;5;1;69;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.3.13;5;3;13;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.2.15;5;2;15;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.69;5;1;69;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; @@ -193,167 +193,167 @@ 5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:http://xforce.iss.net/xforce/xfdb/85722";Assigned (20130603);"None (candidate not yet proposed)"; 5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; 5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; -02.565.64;02;565;64;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; +5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63113 | URL:http://www.securityfocus.com/bid/63113 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63119 | URL:http://www.securityfocus.com/bid/63119 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63107 | URL:http://www.securityfocus.com/bid/63107 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63116 | URL:http://www.securityfocus.com/bid/63116 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; +02.565.64;02;565;64;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | XF:oracle-cpujul2014-cve20144207(94624) | URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | XF:oracle-cpujul2014-cve20144214(94627) | URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | XF:oracle-cpujul2014-cve20144233(94625) | URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | XF:oracle-cpujul2014-cve20144238(94623) | URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | XF:oracle-cpujul2014-cve20144240(94626) | URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74085 | URL:http://www.securityfocus.com/bid/74085 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; @@ -463,10 +463,10 @@ 10.1.15;10;1;15;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93670 | URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967";Assigned (20160317);"None (candidate not yet proposed)"; @@ -504,32 +504,32 @@ 5.5.49;5;5;49;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; 10.0.25;10;0;25;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; 10.1.14;10;1;14;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93617 | URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93662 | URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93684 | URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93693 | URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93702 | URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93715 | URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.27;10;0;27;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.17;10;1;17;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.52;5;5;52;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.33;5;6;33;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.15;5;7;15;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.27;10;0;27;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.17;10;1;17;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; 5.5.52;5;5;52;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.6.33;5;6;33;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.7.15;5;7;15;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; @@ -546,14 +546,14 @@ 5.5.41;5;5;41;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; 7.0.11;7;0;11;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93745 | URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93727 | URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; From de268044ffebd1d3630a74d357f58ec514eb960d Mon Sep 17 00:00:00 2001 From: Carlos Ferreira Date: Tue, 24 Jan 2017 01:19:36 +0100 Subject: [PATCH 009/102] Some Markdown typos and fixes --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c836b5e..9d15c2b 100644 --- a/README.md +++ b/README.md @@ -11,10 +11,10 @@ MySQLTuner-perl **MySQLTuner** supports in this last version ~300 indicators for MySQL/MariaDB/Percona Server. -**MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as ![Galera Cluster](http://galeracluster.com/), ![TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), ![ Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, ![InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), ![MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), ![Aria](https://mariadb.com/kb/en/mariadb/aria/), ... +**MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as [Galera Cluster](http://galeracluster.com/), [TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), [Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, [InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), [MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), [Aria](https://mariadb.com/kb/en/mariadb/aria/), ... You can found more details on this indicators -![Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). +[Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). ![MysqlTuner](https://github.com/major/MySQLTuner-perl/blob/master/mysqltuner.png) @@ -24,7 +24,7 @@ MySQLTuner needs you: **MySQLTuner** needs contributors for documentation, code and feedbacks.. -* Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). +* Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). * Contribution guide is available following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) * Star **MySQLTuner project** at [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) @@ -63,7 +63,7 @@ Security recommandations Hi directadmin user! We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery! -Read link for more details[Issue #289](https://github.com/major/MySQLTuner-perl/issues/289). +Read link for more details [Issue #289](https://github.com/major/MySQLTuner-perl/issues/289). What MySQLTuner is checking exactly ? -- @@ -238,7 +238,7 @@ MySQLTuner needs you -- **MySQLTuner** needs contributors for documentation, code and feedbacks.. -* Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). +* Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). * Contribution guide is avalaible following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) * Star **MySQLTuner project** at [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) From 97d1ea347f3addd0ad9d20f26338ff9da908ec28 Mon Sep 17 00:00:00 2001 From: Bruno Perel Date: Thu, 26 Jan 2017 22:00:00 +0100 Subject: [PATCH 010/102] Fix typo --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index a761494..cdd8396 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5704,7 +5704,7 @@ ENDSQL my @info = split /\s/; infoprint "Index: " . $info[1] . ""; - infoprint " +-- COLUNM : " . $info[0] . ""; + infoprint " +-- COLUMN : " . $info[0] . ""; infoprint " +-- NB SEQS : " . $info[2] . " sequence(s)"; infoprint " +-- NB COLS : " . $info[3] . " column(s)"; infoprint " +-- CARDINALITY : " . $info[4] . " distinct values"; @@ -5712,7 +5712,7 @@ ENDSQL infoprint " +-- TYPE : " . $info[6]; infoprint " +-- SELECTIVITY : " . $info[7] . "%"; - $result{'Indexes'}{ $info[1] }{'Colunm'} = $info[0]; + $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; $result{'Indexes'}{ $info[1] }{'Number of collunm'} = $info[3]; $result{'Indexes'}{ $info[1] }{'Cardianality'} = $info[4]; From 490da41bcdc99a1a23bcbb27f1bae7769238b2d3 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 6 Feb 2017 22:34:08 +0100 Subject: [PATCH 011/102] Adding #289 adding warning info #271 adding message prescision for in advces message --- mysqltuner.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index cdd8396..e3af3b1 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -560,6 +560,8 @@ sub validate_tuner_version { } debugprint "curl and wget are not available."; infoprint "Unable to check for the latest MySQLTuner version"; + infoprint "Using --pass and --password option is insecure during MySQLTuner execution(Password disclosure)" + if ( defined($opt{'pass'})); } # Checks for updates to MySQLTuner @@ -5296,8 +5298,8 @@ sub mysql_innodb { . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal 25%"; push( @adjvars, -"innodb_log_file_size should be equals to 1/4 of buffer pool size (=" - . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} / 4 ) +"innodb_log_file_size * innodb_log_files_in_group should be equals to 1/4 of buffer pool size (=" + . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} * $myvar{'innodb_log_files_in_group'} / 4 ) . ") if possible." ); } else { From 7d8224a6e489d1ad550e4c2bc796cff9021032f1 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Tue, 7 Feb 2017 06:27:34 +0100 Subject: [PATCH 012/102] Update vulnerabilities list --- vulnerabilities.csv | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 22c8784..4eee1e3 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -557,3 +557,43 @@ 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; From 871d984d1a37d949adc599ff0b7adb89aa4b4ac8 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Tue, 7 Feb 2017 06:56:17 +0100 Subject: [PATCH 013/102] Add advice for performance schema --- INTERNALS.md | 4 +- mysqltuner.pl | 241 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 146 insertions(+), 99 deletions(-) diff --git a/INTERNALS.md b/INTERNALS.md index c932966..072b70e 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -292,7 +292,9 @@ * thread_pool_size between 4 to 8 for MyIsam usage ## MySQLTuner performance schema and sysschema information - +* Check that Performance schema is activated for 5.6+ version +* Check that Performance schema is disactivated for 5.5- version +* Check that Sys schema is installed * sys Schema version * Top user per connection * Top user per statement diff --git a/mysqltuner.pl b/mysqltuner.pl index e3af3b1..815ce25 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -193,12 +193,12 @@ my $basic_password_files = : abs_path( $opt{passwordfile} ); # Username from envvar -if (exists $opt{userenv} && exists $ENV{ $opt{userenv} }) { +if ( exists $opt{userenv} && exists $ENV{ $opt{userenv} } ) { $opt{user} = $ENV{ $opt{userenv} }; } # Related to password option -if (exists $opt{passenv} && exists $ENV{ $opt{passenv} }) { +if ( exists $opt{passenv} && exists $ENV{ $opt{passenv} } ) { $opt{pass} = $ENV{ $opt{passenv} }; } $opt{pass} = $opt{password} if ( $opt{pass} eq 0 and $opt{password} ne 0 ); @@ -302,9 +302,9 @@ sub infoprinthcmd { # Calculates the parameter passed in bytes, then rounds it to one decimal place sub hr_bytes { my $num = shift; - return "0B" unless defined($num) ; - return "0B" if $num eq "NULL" ; - + return "0B" unless defined($num); + return "0B" if $num eq "NULL"; + if ( $num >= ( 1024**3 ) ) { #GB return sprintf( "%.1f", ( $num / ( 1024**3 ) ) ) . "G"; } @@ -321,19 +321,19 @@ sub hr_bytes { sub hr_raw { my $num = shift; - return "0" unless defined($num) ; - return "0" if $num eq "NULL" ; - if ($num =~ /^(\d+)G$/) { - return $1 * 1024* 1024* 1024; + return "0" unless defined($num); + return "0" if $num eq "NULL"; + if ( $num =~ /^(\d+)G$/ ) { + return $1 * 1024 * 1024 * 1024; } - if ($num =~ /^(\d+)M$/) { - return $1 * 1024* 1024; + if ( $num =~ /^(\d+)M$/ ) { + return $1 * 1024 * 1024; } - if ($num =~ /^(\d+)K$/) { - return $1 * 1024; + if ( $num =~ /^(\d+)K$/ ) { + return $1 * 1024; } - if ($num =~ /^(\d+)$/) { - return $1; + if ( $num =~ /^(\d+)$/ ) { + return $1; } return $num; } @@ -341,10 +341,10 @@ sub hr_raw { # Calculates the parameter passed in bytes, then rounds it to the nearest integer sub hr_bytes_rnd { my $num = shift; - return "0B" unless defined($num) ; - return "0B" if $num eq "NULL" ; - - if ( $num >= ( 1024**3 ) ) { #GB + return "0B" unless defined($num); + return "0B" if $num eq "NULL"; + + if ( $num >= ( 1024**3 ) ) { #GB return int( ( $num / ( 1024**3 ) ) ) . "G"; } elsif ( $num >= ( 1024**2 ) ) { #MB @@ -560,8 +560,9 @@ sub validate_tuner_version { } debugprint "curl and wget are not available."; infoprint "Unable to check for the latest MySQLTuner version"; - infoprint "Using --pass and --password option is insecure during MySQLTuner execution(Password disclosure)" - if ( defined($opt{'pass'})); + infoprint +"Using --pass and --password option is insecure during MySQLTuner execution(Password disclosure)" + if ( defined( $opt{'pass'} ) ); } # Checks for updates to MySQLTuner @@ -710,6 +711,7 @@ sub mysql_setup { debugprint "MySQL Client: $mysqlcmd"; $opt{port} = ( $opt{port} eq 0 ) ? 3306 : $opt{port}; + # Are we being asked to connect via a socket? if ( $opt{socket} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; @@ -1055,7 +1057,8 @@ sub get_all_vars { # Support GTID MODE FOR MARIADB # Issue MariaDB GTID mode #272 - $myvar{'gtid_mode'}=$myvar{'gtid_strict_mode'} if (defined($myvar{'gtid_strict_mode'})); + $myvar{'gtid_mode'} = $myvar{'gtid_strict_mode'} + if ( defined( $myvar{'gtid_strict_mode'} ) ); $myvar{'have_threadpool'} = "NO"; if ( defined( $myvar{'thread_pool_size'} ) @@ -1112,8 +1115,9 @@ sub remove_empty { sub grep_file_contents { my $file = shift; - my $patt + my $patt; } + sub get_file_contents { my $file = shift; open( my $fh, "<", $file ) or die "Can't open $file for read: $!"; @@ -1129,85 +1133,96 @@ sub get_basic_passwords { sub log_file_recommandations { subheaderprint "Log file Recommendations"; - infoprint "Log file: " . $myvar{'log_error'}. "(".hr_bytes_rnd((stat $myvar{'log_error'})[7]).")"; - if ( -f "$myvar{'log_error'}" ) { - goodprint "Log file $myvar{'log_error'} exists"; - } else { - badprint "Log file $myvar{'log_error'} doesn't exist"; - } + infoprint "Log file: " + . $myvar{'log_error'} . "(" + . hr_bytes_rnd( ( stat $myvar{'log_error'} )[7] ) . ")"; + if ( -f "$myvar{'log_error'}" ) { + goodprint "Log file $myvar{'log_error'} exists"; + } + else { + badprint "Log file $myvar{'log_error'} doesn't exist"; + } if ( -r "$myvar{'log_error'}" ) { goodprint "Log file $myvar{'log_error'} is readable."; - } else { + } + else { badprint "Log file $myvar{'log_error'} isn't readable."; return; } - if ( (stat $myvar{'log_error'})[7] > 0 ) { - goodprint "Log file $myvar{'log_error'} is not empty"; - } else { - badprint "Log file $myvar{'log_error'} is empty"; - } - - if ( (stat $myvar{'log_error'})[7] < 32*1024*1024 ) { - goodprint "Log file $myvar{'log_error'} is smaller than 32 Mb"; - } else { - badprint "Log file $myvar{'log_error'} is bigger than 32 Mb"; - push @generalrec, - $myvar{'log_error'} ."is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!" ; - } - - my @log_content = get_file_contents($myvar{'log_error'}); - - my $numLi = 0; + if ( ( stat $myvar{'log_error'} )[7] > 0 ) { + goodprint "Log file $myvar{'log_error'} is not empty"; + } + else { + badprint "Log file $myvar{'log_error'} is empty"; + } + + if ( ( stat $myvar{'log_error'} )[7] < 32 * 1024 * 1024 ) { + goodprint "Log file $myvar{'log_error'} is smaller than 32 Mb"; + } + else { + badprint "Log file $myvar{'log_error'} is bigger than 32 Mb"; + push @generalrec, + $myvar{'log_error'} + . "is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; + } + + my @log_content = get_file_contents( $myvar{'log_error'} ); + + my $numLi = 0; my $nbWarnLog = 0; - my $nbErrLog = 0; + my $nbErrLog = 0; my @lastShutdowns; my @lastStarts; - foreach my $logLi ( @log_content ) { - $numLi++; - debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i; - $nbErrLog++ if $logLi =~ /error/i; - $nbWarnLog++ if $logLi =~ /warning/i; - push @lastShutdowns, $logLi if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; - push @lastStarts, $logLi if $logLi =~ /ready for connections/; + foreach my $logLi (@log_content) { + $numLi++; + debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i; + $nbErrLog++ if $logLi =~ /error/i; + $nbWarnLog++ if $logLi =~ /warning/i; + push @lastShutdowns, $logLi + if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; + push @lastStarts, $logLi if $logLi =~ /ready for connections/; } if ( $nbWarnLog > 0 ) { - badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; - push @generalrec, "Control warning line(s) into $myvar{'log_error'} file"; - } else { - goodprint "$myvar{'log_error'} doesn't contain any warning."; + badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; + push @generalrec, + "Control warning line(s) into $myvar{'log_error'} file"; + } + else { + goodprint "$myvar{'log_error'} doesn't contain any warning."; } if ( $nbErrLog > 0 ) { - badprint "$myvar{'log_error'} contains $nbErrLog error(s)."; - push @generalrec, "Control error line(s) into $myvar{'log_error'} file"; - } else { - goodprint "$myvar{'log_error'} doesn't contain any error."; + badprint "$myvar{'log_error'} contains $nbErrLog error(s)."; + push @generalrec, "Control error line(s) into $myvar{'log_error'} file"; } - + else { + goodprint "$myvar{'log_error'} doesn't contain any error."; + } + infoprint scalar @lastStarts . " start(s) detected in $myvar{'log_error'}"; my $nStart = 0; - my $nEnd = 10; + my $nEnd = 10; if ( scalar @lastStarts < $nEnd ) { $nEnd = scalar @lastStarts; } - for my $startd ( reverse @lastStarts[-$nEnd..-1] ) { + for my $startd ( reverse @lastStarts[ -$nEnd .. -1 ] ) { $nStart++; infoprint "$nStart) $startd"; } - infoprint scalar @lastShutdowns . " shutdown(s) detected in $myvar{'log_error'}"; - $nStart=0; - $nEnd=10; + infoprint scalar @lastShutdowns + . " shutdown(s) detected in $myvar{'log_error'}"; + $nStart = 0; + $nEnd = 10; if ( scalar @lastShutdowns < $nEnd ) { - $nEnd = scalar @lastShutdowns; + $nEnd = scalar @lastShutdowns; } - for my $shutd ( reverse @lastShutdowns[-$nEnd..-1] ) { - $nStart++; - infoprint "$nStart) $shutd"; + for my $shutd ( reverse @lastShutdowns[ -$nEnd .. -1 ] ) { + $nStart++; + infoprint "$nStart) $shutd"; } - #exit 0; + + #exit 0; } - - sub cve_recommendations { subheaderprint "CVE Security Recommendations"; unless ( defined( $opt{cvefile} ) && -f "$opt{cvefile}" ) { @@ -1721,7 +1736,7 @@ sub security_recommendations { my $nbins = 0; my $passreq; if (@passwords) { - my $nbInterPass=0; + my $nbInterPass = 0; foreach my $pass (@passwords) { $nbInterPass++; @@ -1751,7 +1766,8 @@ sub security_recommendations { $nbins++; } } - debugprint "$nbInterPass / ".scalar(@passwords) if ($nbInterPass %1000 ==0); + debugprint "$nbInterPass / " . scalar(@passwords) + if ( $nbInterPass % 1000 == 0 ); } } if ( $nbins > 0 ) { @@ -2017,7 +2033,8 @@ sub check_storage_engines { my $not_innodb = ''; if ( not defined $result{'Variables'}{'innodb_file_per_table'} ) { $not_innodb = "AND NOT ENGINE='InnoDB'"; - } elsif ( $result{'Variables'}{'innodb_file_per_table'} eq 'OFF' ) { + } + elsif ( $result{'Variables'}{'innodb_file_per_table'} eq 'OFF' ) { $not_innodb = "AND NOT ENGINE='InnoDB'"; } $result{'Tables'}{'Fragmented tables'} = @@ -2502,7 +2519,8 @@ sub calculations { # InnoDB if ( $myvar{'have_innodb'} eq "YES" ) { $mycalc{'innodb_log_size_pct'} = - ( $myvar{'innodb_log_file_size'} *$myvar{'innodb_log_files_in_group'} * 100 / + ( $myvar{'innodb_log_file_size'} * + $myvar{'innodb_log_files_in_group'} * 100 / $myvar{'innodb_buffer_pool_size'} ); } @@ -2770,9 +2788,12 @@ sub mysql_stats { push( @generalrec, "Upgrade MySQL to version 4+ to utilize query caching" ); } - elsif ( mysql_version_ge( 5, 5 ) and !mysql_version_ge( 10, 1 ) and $myvar{'query_cache_type'} eq "OFF" ) { + elsif ( mysql_version_ge( 5, 5 ) + and !mysql_version_ge( 10, 1 ) + and $myvar{'query_cache_type'} eq "OFF" ) + { goodprint - "Query cache is disabled by default due to mutex contention on multiprocessor machines."; +"Query cache is disabled by default due to mutex contention on multiprocessor machines."; } elsif ( $myvar{'query_cache_size'} < 1 ) { badprint "Query cache is disabled"; @@ -3292,22 +3313,36 @@ sub mysqsl_pfs { subheaderprint "Performance schema"; # Performance Schema - unless ( defined( $myvar{'performance_schema'} ) - and $myvar{'performance_schema'} eq 'ON' ) - { + $myvar{'performance_schema'} = 'OFF' + unless defined( $myvar{'performance_schema'} ); + unless ( $myvar{'performance_schema'} eq 'ON' ) { infoprint "Performance schema is disabled."; - return; + if ( mysql_version_ge( 5, 5 ) ) { + push( @generalrec, + "Performance should be activated for better diagnostics" ); + push( @adjvars, "performance_schema = ON enable PFS" ); + } + else { + push( @generalrec, +"Performance shouldn't be activated for MySQL and MariaDB 5.5 and lower version" + ); + push( @adjvars, "performance_schema = OFF disable PFS" ); + } } - infoprint "Performance schema is enabled."; + debugprint "Performance schema is " . $myvar{'performance_schema'}; infoprint "Memory used by P_S: " . hr_bytes( get_pf_memory() ); unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { infoprint "Sys schema isn't installed."; + push( @generalrec, +"Consider installing Sys schema from https://github.com/mysql/mysql-sys" + ); return; } - - infoprint "Sys schema is installed."; - return if ( $opt{pfstat} == 0 ); + else { + infoprint "Sys schema is installed."; + } + return if ( $opt{pfstat} == 0 or $myvar{'performance_schema'} ne 'ON' ); infoprint "Sys schema Version: " . select_one("select sys_version from sys.version"); @@ -4939,7 +4974,7 @@ sub get_wsrep_options { } sub get_gcache_memory { - my $gCacheMem = hr_raw(get_wsrep_option('gcache.size')); + my $gCacheMem = hr_raw( get_wsrep_option('gcache.size') ); return 0 unless defined $gCacheMem and $gCacheMem ne ''; return $gCacheMem; @@ -5245,7 +5280,8 @@ sub mysql_innodb { } if ( defined $myvar{'innodb_log_files_in_group'} ) { infoprint " +-- InnoDB Total Log File Size: " - . hr_bytes( $myvar{'innodb_log_files_in_group'}*$myvar{'innodb_log_file_size'}); + . hr_bytes( $myvar{'innodb_log_files_in_group'} * + $myvar{'innodb_log_file_size'} ); } if ( defined $myvar{'innodb_log_buffer_size'} ) { infoprint " +-- InnoDB Log Buffer: " @@ -5294,17 +5330,24 @@ sub mysql_innodb { { badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" . $mycalc{'innodb_log_size_pct'} . " %): " - . hr_bytes( $myvar{'innodb_log_file_size'} )." * ".$myvar{'innodb_log_files_in_group'}. "/" + . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " + . $myvar{'innodb_log_files_in_group'} . "/" . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal 25%"; - push( @adjvars, + push( + @adjvars, "innodb_log_file_size * innodb_log_files_in_group should be equals to 1/4 of buffer pool size (=" - . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} * $myvar{'innodb_log_files_in_group'} / 4 ) - . ") if possible." ); + . hr_bytes_rnd( + $myvar{'innodb_buffer_pool_size'} * + $myvar{'innodb_log_files_in_group'} / 4 + ) + . ") if possible." + ); } else { goodprint "InnoDB log file size / InnoDB Buffer pool size: " - . hr_bytes( $myvar{'innodb_log_file_size'} ) ." * ".$myvar{'innodb_log_files_in_group'}. "/" + . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " + . $myvar{'innodb_log_files_in_group'} . "/" . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal 25%"; } @@ -5567,7 +5610,9 @@ sub mysql_databases { ) ) . ")"; badprint "Index size is larger than data size for $dbinfo[0] \n" - if ( $dbinfo[2] ne 'NULL' ) and ( $dbinfo[3] ne 'NULL' ) and ( $dbinfo[2] < $dbinfo[3] ); + if ( $dbinfo[2] ne 'NULL' ) + and ( $dbinfo[3] ne 'NULL' ) + and ( $dbinfo[2] < $dbinfo[3] ); badprint "There are " . $dbinfo[5] . " storage engines. Be careful. \n" if $dbinfo[5] > 1; $result{'Databases'}{ $dbinfo[0] }{'Rows'} = $dbinfo[1]; From f92a62f37a5211129e0003509042474490aa4a31 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Tue, 7 Feb 2017 07:03:19 +0100 Subject: [PATCH 014/102] update USAGE information --- USAGE.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/USAGE.md b/USAGE.md index 56e7609..6d7142c 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.6.20 - MySQL High Performance Tuning Script + MySQLTuner 1.7.0 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES @@ -15,7 +15,9 @@ You must provide the remote server's total memory when connecting to other serve --socket Use a different socket for a local connection --port Port to use for connection (default: 3306) --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication --mysqladmin Path to a custom mysqladmin executable --mysqlcmd Path to a custom mysql executable --defaults-file Path to a custom .my.cnf @@ -40,7 +42,7 @@ You must provide the remote server's total memory when connecting to other serve --dbstat Print database information --idxstat Print index information --sysstat Print system information - --pfstat Print Performance schema + --pfstat Print Performance schema --bannedports Ports banned separated by comma(,) --maxportallowed Number of ports opened allowed on this hosts --cvefile CVE File for vulnerability checks @@ -138,4 +140,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program. If not, see . +along with this program. If not, see <http://www.gnu.org/licenses/>. From 5f4da0005553a995aa072bd2e07a9dd153b08bd2 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Tue, 7 Feb 2017 07:11:39 +0100 Subject: [PATCH 015/102] Update git ignore list Adding script to ident, update vulnerabilies list and generate USAGE file --- .gitignore | 1 + build/updateStaff.sh | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 build/updateStaff.sh diff --git a/.gitignore b/.gitignore index e05e355..ea6dd22 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ build/mysqltuner.spec build/build.log build/cve* build/vulnerabilities* +*.bak diff --git a/build/updateStaff.sh b/build/updateStaff.sh new file mode 100644 index 0000000..2b6a220 --- /dev/null +++ b/build/updateStaff.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +(cd .. +echo "* GENERATING USAGE FILE" +pod2markdown mysqltuner.pl >USAGE.md +echo "* TIDYFY SCRIPT" +perltidy -b mysqltuner.pl +) +echo "* Udate CVE list" +perl updateCVElist.pl + +git add ../vulnerabilities.csv ../mysqltuner.pl ./USAGE.md +git commit -m 'Update Vulnerabilities list +Identing mysqltuner +Update Usage information' \ No newline at end of file From cda3687f212722098f775356b532e15104a29a09 Mon Sep 17 00:00:00 2001 From: Ronald Date: Wed, 8 Feb 2017 17:33:44 +0100 Subject: [PATCH 016/102] lil' lang fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9d15c2b..1c13621 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ MySQLTuner-perl **MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as [Galera Cluster](http://galeracluster.com/), [TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), [Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, [InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), [MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), [Aria](https://mariadb.com/kb/en/mariadb/aria/), ... -You can found more details on this indicators +You can find more details on these indicators here: [Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). From 02f13fcb52326d06de3ce926044c176a7161b25a Mon Sep 17 00:00:00 2001 From: Greg Kennedy Date: Wed, 8 Feb 2017 11:10:48 -0600 Subject: [PATCH 017/102] Do not test skip_name_resolve if skip_networking is ON MySQL name resolution only applies to TCP/IP connections ( see lines 504 and 599 of mysql-server/sql/sql_connect.cc ). Thus there is no reason to test, or suggest, setting skip_name_resolve if skip_networking exists and is turned on. --- mysqltuner.pl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 815ce25..0086870 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2769,7 +2769,11 @@ sub mysql_stats { } # name resolution - if ( not defined( $result{'Variables'}{'skip_name_resolve'} ) ) { + if ( defined( $result{'Variables'}{'skip_networking'} ) && $result{'Variables'}{'skip_networking'} eq 'ON' ) { + infoprint +"Skipped name resolution test due to skip_networking=ON in system variables."; + } + elsif ( not defined( $result{'Variables'}{'skip_name_resolve'} ) ) { infoprint "Skipped name resolution test due to missing skip_name_resolve in system variables."; } From 5aca8e22589f0d100ccf5fa749271d9efbd76194 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 13 Feb 2017 13:43:59 +0100 Subject: [PATCH 018/102] Update vulnerabilies list Issue #297: decrement version if word before is present in CVe description' --- build/updateCVElist.pl | 6 +- vulnerabilities.csv | 296 ++++++++++++++++++++--------------------- 2 files changed, 152 insertions(+), 150 deletions(-) diff --git a/build/updateCVElist.pl b/build/updateCVElist.pl index 535d26a..9219ae6 100644 --- a/build/updateCVElist.pl +++ b/build/updateCVElist.pl @@ -64,9 +64,11 @@ foreach my $line (@lines) { foreach my $vers (uniq(@versions)) { my @nb=split('\.', $vers); + $nb[2]-- if ($line =~ /before/i); #print $vers."\n".Dumper @nb; - #exit 0; - $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$vers;$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); + #print "$line"; + #exit 0 if ($line =~/before/i) ; + $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$nb[0].$nb[1].$nb[2];$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); } } } diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 4eee1e3..1cefc04 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1,63 +1,63 @@ 4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:http://xforce.iss.net/xforce/xfdb/17030";Assigned (20040506);"None (candidate not yet proposed)"; -4.0.21;4;0;21;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; -3.23.49;3;23;49;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; +4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; +3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; 4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; -4.1.21;4;1;21;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; -4.1.23;4;1;23;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.42;5;0;42;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.1.18;5;1;18;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.45;5;0;45;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.40;5;0;40;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.1.18;5;1;18;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.45;5;0;45;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.45;5;0;45;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.45;5;0;45;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.45;5;0;45;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; +4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; 5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.0.52;5;0;52;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.1.23;5;1;23;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -6.0.4;6;0;4;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.0.51;5;0;51;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.23;5;1;23;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; -6.0.4;6;0;4;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; -5.0.51;5;0;51;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.23;5;1;23;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; -6.0.4;6;0;4;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.23;5;1;23;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; -6.0.4;6;0;4;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; -5.0.66;5;0;66;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; -5.1.26;5;1;26;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; -6.0.6;6;0;6;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; -5.0.88;5;0;88;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; -5.1.41;5;1;41;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; -1.9.9;1;9;9;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.90;5;0;90;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.1.43;5;1;43;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.5.0;5;5;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.51;5;0;51;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -37.1.1;37;1;1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.93;5;0;93;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; -5.1.48;5;1;48;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; -5.0.92;5;0;92;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.6;5;5;6;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.92;5;0;92;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.6;5;5;6;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.6;5;5;6;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.92;5;0;92;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.6;5;5;6;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.92;5;0;92;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.6;5;5;6;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.92;5;0;92;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.6;5;5;6;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.51;5;1;51;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; -0.9.4;0;9;4;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; +5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; +5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; +6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; +5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; +5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; +1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; +5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; +5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; +0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; 5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; 5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; 5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; @@ -86,9 +86,9 @@ 5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:http://xforce.iss.net/xforce/xfdb/77060";Assigned (20120316);"None (candidate not yet proposed)"; 5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:http://xforce.iss.net/xforce/xfdb/77063";Assigned (20120316);"None (candidate not yet proposed)"; 5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:http://xforce.iss.net/xforce/xfdb/77062";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; -5.5.22;5;5;22;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; -97.15.15;97;15;15;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; +97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; 5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:http://xforce.iss.net/xforce/xfdb/79387";Assigned (20120606);"None (candidate not yet proposed)"; 5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:http://xforce.iss.net/xforce/xfdb/79384";Assigned (20120606);"None (candidate not yet proposed)"; 5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:http://xforce.iss.net/xforce/xfdb/79390";Assigned (20120606);"None (candidate not yet proposed)"; @@ -113,11 +113,11 @@ 5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; 5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; 5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.2.12;5;2;12;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.3.7;5;3;7;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; 5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; @@ -150,13 +150,13 @@ 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.3.13;5;3;13;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.2.15;5;2;15;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; 5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.69;5;1;69;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; @@ -211,8 +211,8 @@ 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; -02.565.64;02;565;64;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; +02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; @@ -367,9 +367,9 @@ 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; -5.7.3;5;7;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -6.1.3;6;1;3;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; @@ -420,47 +420,47 @@ 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -2.17.1;2;17;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -10.0.22;10;0;22;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -2.21.2;2;21;2;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -5.4.43;5;4;43;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.6.27;5;6;27;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.7.9;5;7;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -10.0.23;10;0;23;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -10.1.10;10;1;10;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -10.0.23;10;0;23;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -10.1.10;10;1;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.10;5;7;10;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; 3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; 3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.26;10;0;26;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.15;10;1;15;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; @@ -470,40 +470,40 @@ 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.26;10;0;26;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.15;10;1;15;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983";Assigned (20160317);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; 5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.26;10;0;26;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.15;10;1;15;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917";Assigned (20160616);"None (candidate not yet proposed)"; 5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; 5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -10.0.26;10;0;26;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -10.1.15;10;1;15;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; 5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; 5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; @@ -522,30 +522,30 @@ 5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.27;10;0;27;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.17;10;1;17;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -8.0.1;8;0;1;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.28;10;0;28;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.18;10;1;18;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; 5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; -7.0.11;7;0;11;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; +8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; +7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; From 59238301bf5c96698fb652f6cd31f535eae0782e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 13 Feb 2017 18:08:28 +0100 Subject: [PATCH 019/102] Adding new indicators for Galera Cluster' --- INTERNALS.md | 4 ++++ mysqltuner.pl | 29 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/INTERNALS.md b/INTERNALS.md index 072b70e..722aa56 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -249,6 +249,10 @@ * Joiner(Try to reach cluster group) * SYNCED state able to read/write * wsrep_cluster_conf_id configuration level must be identical in all nodes +* wsrep_slave_thread is between 3 or 4 times number of CPU core. +* gcs.limit should be equal to wsrep_slave_threads * 5 +* gcs.fc_factor should be equal to 0.8 +* Flow control fraction should be lower than 0.02 (wsrep_flow_control_paused < 0.02) * wsrep_last_commited committed level must be identical in all nodes * Look for tables without primary keys * Look for non InnoDB tables for Galera diff --git a/mysqltuner.pl b/mysqltuner.pl index 0086870..4f90a5d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1514,6 +1514,8 @@ sub get_system_info { else { badprint "Internet : Disconnected"; } + $result{'OS'}{'NbCore'}= `nproc`; + infoprint "Number of Core CPU : ". `nproc`; $result{'OS'}{'Type'} = `uname -o`; infoprint "Operating System Type : " . infocmd_one "uname -o"; $result{'OS'}{'Kernel'} = `uname -r`; @@ -5039,6 +5041,33 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); + if (get_wsrep_option('wsrep_slave_threads') > `nproc`*4 or get_wsrep_option('wsrep_slave_threads') < `nproc`*3) { + badprint "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; + push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; + } else { + goodprint "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; + } + + if (get_wsrep_option('gcs.limit') != get_wsrep_option('wsrep_slave_threads') *5 ) { + badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; + push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; + } + else { + goodprint "gcs.limit is equal to 5 * wsrep_slave_threads"; + } + if (get_wsrep_option('gcs.fc_factor') == 0.8 ) { + badprint "gcs.fc_factor should be equal to 0.8"; + push @adjvars, "gcs.fc_factor=0.8"; + } + else { + goodprint "gcs.limit is equal to 5 * wsrep_slave_threads"; + } + if (get_wsrep_option('wsrep_flow_control_paused') > 0.02) { + badprint "Fraction of time node pause flow control > 0.02"; + } + else { + goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + } if ( scalar(@primaryKeysNbTables) > 0 ) { badprint "Following table(s) don't have primary key:"; foreach my $badtable (@primaryKeysNbTables) { From 48be29a288ed8fd83557f94f28b58dbdf2dde948 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 14 Feb 2017 09:40:52 +0100 Subject: [PATCH 020/102] issue #300 Performance schema shouldn t be installed on 5.5 version. --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 4f90a5d..0efbfa4 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -3323,7 +3323,7 @@ sub mysqsl_pfs { unless defined( $myvar{'performance_schema'} ); unless ( $myvar{'performance_schema'} eq 'ON' ) { infoprint "Performance schema is disabled."; - if ( mysql_version_ge( 5, 5 ) ) { + if ( mysql_version_ge( 5, 6 ) ) { push( @generalrec, "Performance should be activated for better diagnostics" ); push( @adjvars, "performance_schema = ON enable PFS" ); From f04b32c8545e39eae85200d7d3c01d1466906065 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 6 Mar 2017 15:17:43 +0100 Subject: [PATCH 021/102] Use of uninitialized value #304 tidify script --- USAGE.md | 2 +- mysqltuner.pl | 38 ++++++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/USAGE.md b/USAGE.md index 6d7142c..3fce554 100644 --- a/USAGE.md +++ b/USAGE.md @@ -140,4 +140,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program. If not, see <http://www.gnu.org/licenses/>. +along with this program. If not, see . diff --git a/mysqltuner.pl b/mysqltuner.pl index 0efbfa4..95601b2 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1230,6 +1230,9 @@ sub cve_recommendations { return; } +#$mysqlvermajor=10; +#$mysqlverminor=1; +#$mysqlvermicro=17; #prettyprint "Look for related CVE for $myvar{'version'} or lower in $opt{cvefile}"; my $cvefound = 0; open( my $fh, "<", $opt{cvefile} ) @@ -1514,8 +1517,8 @@ sub get_system_info { else { badprint "Internet : Disconnected"; } - $result{'OS'}{'NbCore'}= `nproc`; - infoprint "Number of Core CPU : ". `nproc`; + $result{'OS'}{'NbCore'} = `nproc`; + infoprint "Number of Core CPU : " . `nproc`; $result{'OS'}{'Type'} = `uname -o`; infoprint "Operating System Type : " . infocmd_one "uname -o"; $result{'OS'}{'Kernel'} = `uname -r`; @@ -2771,7 +2774,9 @@ sub mysql_stats { } # name resolution - if ( defined( $result{'Variables'}{'skip_networking'} ) && $result{'Variables'}{'skip_networking'} eq 'ON' ) { + if ( defined( $result{'Variables'}{'skip_networking'} ) + && $result{'Variables'}{'skip_networking'} eq 'ON' ) + { infoprint "Skipped name resolution test due to skip_networking=ON in system variables."; } @@ -4993,6 +4998,7 @@ sub get_wsrep_option { return '' unless scalar(@galera_options) > 0; my @memValues = grep /\s*$key =/, @galera_options; my $memValue = $memValues[0]; + return 0 unless defined $memValue; $memValue =~ s/.*=\s*(.+)$/$1/g; return $memValue; } @@ -5041,32 +5047,40 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if (get_wsrep_option('wsrep_slave_threads') > `nproc`*4 or get_wsrep_option('wsrep_slave_threads') < `nproc`*3) { - badprint "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; + if ( get_wsrep_option('wsrep_slave_threads') > `nproc` * 4 + or get_wsrep_option('wsrep_slave_threads') < `nproc` * 3 ) + { + badprint + "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; - } else { - goodprint "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; - } + } + else { + goodprint + "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; + } - if (get_wsrep_option('gcs.limit') != get_wsrep_option('wsrep_slave_threads') *5 ) { + if ( get_wsrep_option('gcs.limit') != + get_wsrep_option('wsrep_slave_threads') * 5 ) + { badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; } else { goodprint "gcs.limit is equal to 5 * wsrep_slave_threads"; } - if (get_wsrep_option('gcs.fc_factor') == 0.8 ) { + if ( get_wsrep_option('gcs.fc_factor') == 0.8 ) { badprint "gcs.fc_factor should be equal to 0.8"; push @adjvars, "gcs.fc_factor=0.8"; } else { goodprint "gcs.limit is equal to 5 * wsrep_slave_threads"; } - if (get_wsrep_option('wsrep_flow_control_paused') > 0.02) { + if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { badprint "Fraction of time node pause flow control > 0.02"; } else { - goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + goodprint +"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; } if ( scalar(@primaryKeysNbTables) > 0 ) { badprint "Following table(s) don't have primary key:"; From adb33d3c375875e1d50a37db675b9586fd15b9bf Mon Sep 17 00:00:00 2001 From: "Oscar A. Figueroa" Date: Tue, 7 Mar 2017 12:48:43 +0100 Subject: [PATCH 022/102] Resolved issue #304 --- mysqltuner.pl | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 0efbfa4..11d8e51 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5041,28 +5041,28 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if (get_wsrep_option('wsrep_slave_threads') > `nproc`*4 or get_wsrep_option('wsrep_slave_threads') < `nproc`*3) { - badprint "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; - push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; + if ($myvar{'wsrep_slave_threads'} > `nproc` * 4 or $myvar{'wsrep_slave_threads'} < `nproc` * 2) { + badprint "wsrep_slave_threads is not equal to 2 or 4 times number of CPU(s)"; + push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 2"; } else { - goodprint "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; + goodprint "wsrep_slave_threads is equal to 2 or 4 times number of CPU(s)"; } - if (get_wsrep_option('gcs.limit') != get_wsrep_option('wsrep_slave_threads') *5 ) { - badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; - push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; + if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { + badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; + push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; } else { - goodprint "gcs.limit is equal to 5 * wsrep_slave_threads"; + goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; } if (get_wsrep_option('gcs.fc_factor') == 0.8 ) { badprint "gcs.fc_factor should be equal to 0.8"; push @adjvars, "gcs.fc_factor=0.8"; } else { - goodprint "gcs.limit is equal to 5 * wsrep_slave_threads"; + goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; } - if (get_wsrep_option('wsrep_flow_control_paused') > 0.02) { + if ($mystat{'wsrep_flow_control_paused'} > 0.02) { badprint "Fraction of time node pause flow control > 0.02"; } else { From f61cbce4f8d50e336ee75780d7ab79de5aa5f38e Mon Sep 17 00:00:00 2001 From: jfcoz Date: Tue, 7 Mar 2017 17:53:36 +0100 Subject: [PATCH 023/102] add checks for wsrep_slave_FK_check and innodb_autoinc_lock_mode when wsrep_slave_threads > 1 --- mysqltuner.pl | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 0efbfa4..b493308 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -31,6 +31,7 @@ # Simon Greenaway Adam Stein Isart Montane # Baptiste M. Cole Turner Major Hayden # Joe Ashcraft Jean-Marie Renouard Christian Loos +# Julien Francoz # # Inspired by Matthew Montgomery's tuning-primer.sh script: # http://forge.mysql.com/projects/view.php?id=44 @@ -5044,9 +5045,24 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" if (get_wsrep_option('wsrep_slave_threads') > `nproc`*4 or get_wsrep_option('wsrep_slave_threads') < `nproc`*3) { badprint "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; - } else { + } else { goodprint "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; - } + } + + if ($myvar{'wsrep_slave_threads'} > 1) { + badprint "wsrep parallel slave can cause frequent inconsistency crash."; + push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + # check options for parallel slave + if ($myvar{'wsrep_slave_FK_checks'} eq "OFF") { + badprint "wsrep_slave_FK_checks is off with parallel slave"; + push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; + } + # wsrep_slave_UK_checks seems useless in MySQL source code + if ($myvar{'innodb_autoinc_lock_mode'} != 2) { + badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; + push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; + } + } if (get_wsrep_option('gcs.limit') != get_wsrep_option('wsrep_slave_threads') *5 ) { badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; From 24b901363c788a8ba08102f588b91fee897a74a7 Mon Sep 17 00:00:00 2001 From: "Oscar A. Figueroa" Date: Wed, 8 Mar 2017 11:50:02 +0100 Subject: [PATCH 024/102] Bugfix resolve #308 : gcs.fc_factor parameter evaluation and the message report, which referencing wsrep_slave_threads instead. --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 11d8e51..dd50384 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5055,12 +5055,12 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" else { goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; } - if (get_wsrep_option('gcs.fc_factor') == 0.8 ) { + if (get_wsrep_option('gcs.fc_factor') != 0.8 ) { badprint "gcs.fc_factor should be equal to 0.8"; push @adjvars, "gcs.fc_factor=0.8"; } else { - goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; + goodprint "gcs.fc_factor is equal to 0.8"; } if ($mystat{'wsrep_flow_control_paused'} > 0.02) { badprint "Fraction of time node pause flow control > 0.02"; From b7e1a992403275afb23ee51d9ab355a287231fdb Mon Sep 17 00:00:00 2001 From: Christoph Hansen Date: Mon, 13 Mar 2017 17:22:05 +0100 Subject: [PATCH 025/102] Check whether hyperthreading is enabled or not. Since calculating the recommended value for "wsrep_slave_threads" using the number of physical cores is best practice for Intel CPUs where hyperthreading is activated. --- mysqltuner.pl | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index f7a328f..9e4afe7 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -300,6 +300,12 @@ sub infoprinthcmd { infoprintcmd "$_[1]"; } +# Calculates the number of phyiscal cores considering HyperThreading +sub cpu_cores { + my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + return ( $cntCPU == 0 ? `nproc` : $cntCPU ); +} + # Calculates the parameter passed in bytes, then rounds it to one decimal place sub hr_bytes { my $num = shift; @@ -1518,8 +1524,8 @@ sub get_system_info { else { badprint "Internet : Disconnected"; } - $result{'OS'}{'NbCore'} = `nproc`; - infoprint "Number of Core CPU : " . `nproc`; + $result{'OS'}{'NbCore'} = cpu_cores; + infoprint "Number of Core CPU : " . cpu_cores; $result{'OS'}{'Type'} = `uname -o`; infoprint "Operating System Type : " . infocmd_one "uname -o"; $result{'OS'}{'Kernel'} = `uname -r`; @@ -5048,8 +5054,8 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if ( get_wsrep_option('wsrep_slave_threads') > `nproc` * 4 - or get_wsrep_option('wsrep_slave_threads') < `nproc` * 3 ) + if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores * 4 + or get_wsrep_option('wsrep_slave_threads') < cpu_cores * 3 ) { badprint "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; From 596918c3c3f3ef6582fefe846acecc39fdae423d Mon Sep 17 00:00:00 2001 From: RENOUARD Jean Marie Ext IMT/OINIS Date: Tue, 14 Mar 2017 18:21:19 +0100 Subject: [PATCH 026/102] Version 1.7.1 --- mysqltuner.pl | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index f7a328f..71d6b01 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5049,15 +5049,15 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); if ( get_wsrep_option('wsrep_slave_threads') > `nproc` * 4 - or get_wsrep_option('wsrep_slave_threads') < `nproc` * 3 ) + or get_wsrep_option('wsrep_slave_threads') < `nproc` * 2 ) { badprint - "wsrep_slave_threads is not equal to 3 or 4 times number of CPU(s)"; + "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; } else { goodprint - "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; + "wsrep_slave_threads is equal to 2, 3 or 4 times number of CPU(s)"; } if ( get_wsrep_option('gcs.limit') != @@ -5066,18 +5066,18 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; } else { - goodprint "wsrep_slave_threads is equal to 3 or 4 times number of CPU(s)"; + goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; } if (get_wsrep_option('wsrep_slave_threads') > 1) { - badprint "wsrep parallel slave can cause frequent inconsistency crash."; + infoprint "wsrep parallel slave can cause frequent inconsistency crash."; push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; # check options for parallel slave if (get_wsrep_option('wsrep_slave_FK_checks') eq "OFF") { badprint "wsrep_slave_FK_checks is off with parallel slave"; push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; } - # wsrep_slave_UK_checks seems useless in MySQL source code + # wsrep_slave_UK_checks seems useless in MySQL source code if ($myvar{'innodb_autoinc_lock_mode'} != 2) { badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; @@ -5100,10 +5100,8 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" } if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { badprint "Fraction of time node pause flow control > 0.02"; - } - else { - goodprint -"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + } else { + goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; } if ( scalar(@primaryKeysNbTables) > 0 ) { @@ -5112,8 +5110,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "\t$badtable"; push @{ $result{'Tables without PK'} }, $badtable; } - } - else { + } else { goodprint "All tables get a primary key"; } my @nonInnoDBTables = select_array( @@ -5126,22 +5123,19 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" foreach my $badtable (@nonInnoDBTables) { badprint "\t$badtable"; } - } - else { + } else { goodprint "All tables are InnoDB tables"; } if ( $myvar{'binlog_format'} ne 'ROW' ) { badprint "Binlog format should be in ROW mode."; push @adjvars, "binlog_format = ROW"; - } - else { + } else { goodprint "Binlog format is in ROW mode."; } if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { badprint "InnoDB flush log at each commit should be disabled."; push @adjvars, "innodb_flush_log_at_trx_commit = 0"; - } - else { + } else { goodprint "InnoDB flush log at each commit is disabled for Galera."; } From 5cc86c82b5517cfc5b9631069ec626ad84fe77ab Mon Sep 17 00:00:00 2001 From: RENOUARD Jean Marie Ext IMT/OINIS Date: Tue, 14 Mar 2017 18:26:44 +0100 Subject: [PATCH 027/102] bad calculation for pct_wkeys_from_mem #303 --- mysqltuner.pl | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 1a979e1..3778018 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2367,14 +2367,7 @@ sub calculations { if ( $mystat{'Key_write_requests'} > 0 ) { $mycalc{'pct_wkeys_from_mem'} = sprintf( - "%.1f", - ( - 100 - ( - ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * - 100 - ) - ) - ); + "%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) ); } else { $mycalc{'pct_wkeys_from_mem'} = 0; From e447a16157ec9f97629c5f0b70b76f1bc5b1749b Mon Sep 17 00:00:00 2001 From: Konstantin Date: Mon, 27 Mar 2017 15:33:46 +0300 Subject: [PATCH 028/102] Fix typos and markdown issues --- CONTRIBUTING.md | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3e913c2..68fcbaf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,7 +27,7 @@ following restrictions: respect the opinions of others. -##Before submitting an issue## +## Before submitting an issue 1. Upgrade to the latest version of MySQLTuner and see if the problem remains @@ -47,7 +47,7 @@ Good bug reports are extremely helpful — thank you! Guidelines for bug reports: -1. **Use the [GitHub issue search](https://github.com/major/MySQLTuner-perl/search?type=Issues)** — check if the issue has already been +1. **Use the [GitHub issue search]** — check if the issue has already been reported. 2. **Check if the bug has already been fixed** — try to reproduce it using the @@ -100,13 +100,13 @@ to MySQLTuner will be evaluated on a combination of scope (how well it fits into project), maintenance burden and general usefulness. Creating something great often means saying no to seemingly good ideas. Don't -dispair if your feature request isn't accepted, take action! Fork the +despair if your feature request isn't accepted, take action! Fork the repository, build your idea and share it with others. We released MySQLTuner under the MIT License for this purpose precisely. Open source works best when smart and dedicated people riff off of each others' ideas to make even greater things. -## New feature request ## -* You can find Enhancement asked by community at [Enhancement issue](https://github.com/major/MySQLTuner-perl/labels/enhancement) +## New feature request +You can find Enhancement asked by community at [Enhancement issue] ## Pull requests @@ -153,8 +153,7 @@ these guidelines is the best way to get your work included in MySQLTuner. git checkout -b ``` -4. Commit your changes in logical chunks. Please adhere to these [git commit - message guidelines](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) +4. Commit your changes in logical chunks. Please adhere to these [git commit message guidelines] or your code is unlikely be merged into the main project. Use Git's [interactive rebase](https://help.github.com/articles/interactive-rebase) feature to tidy up your commits before making them public. @@ -171,18 +170,23 @@ these guidelines is the best way to get your work included in MySQLTuner. git push origin ``` -7. [Open a Pull Request](https://help.github.com/articles/using-pull-requests/) - with a clear title and description. +7. [Open a Pull Request] with a clear title and description. **IMPORTANT**: By submitting a patch, you agree to allow the project owner to -license your work under the [GPLv3 License](https://en.wikipedia.org/wiki/GNU_General_Public_License). +license your work under the [GPLv3 License]. -Copy of the license is available at [LICENSE](https://github.com/major/MySQLTuner-perl/blob/master/LICENSE) +Copy of the license is available at [LICENSE] -#### MySQLTuner Code Conventions +## MySQLTuner Code Conventions 1. Check code convention using **perltidy** and **perlcritic** 2. Don't manually update the version number in `mysqltuner.pl`. - + +[Enhancement issue]:https://github.com/major/MySQLTuner-perl/labels/enhancement +[GitHub issue search]:https://github.com/major/MySQLTuner-perl/search?type=Issues +[git commit message guidelines]:http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html +[Open a Pull Request]:https://help.github.com/articles/using-pull-requests/ +[GPLv3 License]:https://en.wikipedia.org/wiki/GNU_General_Public_License +[LICENSE]:https://github.com/major/MySQLTuner-perl/blob/master/LICENSE From 2f3832b6f7370c231428be14c7a362a7452d7286 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=AC=9D=E8=87=B4=E9=82=A6=20=28XIE=20Zhibang=29?= Date: Wed, 19 Apr 2017 20:01:02 +0800 Subject: [PATCH 029/102] The query cache should be disabled in MariaDB 10.1 --- mysqltuner.pl | 1 - 1 file changed, 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 3778018..0fd5f86 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2800,7 +2800,6 @@ sub mysql_stats { "Upgrade MySQL to version 4+ to utilize query caching" ); } elsif ( mysql_version_ge( 5, 5 ) - and !mysql_version_ge( 10, 1 ) and $myvar{'query_cache_type'} eq "OFF" ) { goodprint From f4a108c2f6b78a994e5abb133c7f319116c33c04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=AC=9D=E8=87=B4=E9=82=A6=20=28XIE=20Zhibang=29?= Date: Wed, 19 Apr 2017 21:25:45 +0800 Subject: [PATCH 030/102] Disable query cache. --- mysqltuner.pl | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 0fd5f86..a7333b8 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2799,20 +2799,12 @@ sub mysql_stats { push( @generalrec, "Upgrade MySQL to version 4+ to utilize query caching" ); } - elsif ( mysql_version_ge( 5, 5 ) + elsif ( $myvar{'query_cache_size'} < 1 and $myvar{'query_cache_type'} eq "OFF" ) { goodprint "Query cache is disabled by default due to mutex contention on multiprocessor machines."; } - elsif ( $myvar{'query_cache_size'} < 1 ) { - badprint "Query cache is disabled"; - push( @adjvars, "query_cache_size (>= 8M)" ); - } - elsif ( $myvar{'query_cache_type'} eq "OFF" ) { - badprint "Query cache is disabled"; - push( @adjvars, "query_cache_type (=1)" ); - } elsif ( $mystat{'Com_select'} == 0 ) { badprint "Query cache cannot be analyzed - no SELECT statements executed"; @@ -2820,6 +2812,7 @@ sub mysql_stats { else { badprint "Query cache may be disabled by default due to mutex contention."; + push( @adjvars, "query_cache_size (=0)" ); push( @adjvars, "query_cache_type (=0)" ); if ( $mycalc{'query_cache_efficiency'} < 20 ) { badprint From 21af94158da0557648ddc5b76799b245ff46a470 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Apr 2017 00:13:45 +0200 Subject: [PATCH 031/102] Add quotes #311 Use https instead of http #317 typo, space missing before is #315 --- mysqltuner.pl | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index a7333b8..ab6b975 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,7 +1,7 @@ #!/usr/bin/env perl # mysqltuner.pl - Version 1.7.1 # High Performance MySQL Tuning Script -# Copyright (C) 2006-2016 Major Hayden - major@mhtx.net +# Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # # For the latest updates, please visit http://mysqltuner.com/ # Git repository available at http://github.com/major/MySQLTuner-perl @@ -537,16 +537,15 @@ sub validate_tuner_version { } my $update; - my $url = -"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; + my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; my $httpcli = get_http_cli(); if ( $httpcli =~ /curl$/ ) { debugprint "$httpcli is available."; debugprint -"$httpcli --connect-timeout 5 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2"; +"$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2"; $update = -`$httpcli --connect-timeout 5 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2`; +`$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2`; chomp($update); debugprint "VERSION: $update"; @@ -558,9 +557,9 @@ sub validate_tuner_version { debugprint "$httpcli is available."; debugprint -"$httpcli -e timestamping=off -t 1 -T 5 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2"; +"$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2"; $update = -`$httpcli -e timestamping=off -t 1 -T 5 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2`; +`$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2`; chomp($update); compare_tuner_version($update); return; @@ -580,7 +579,6 @@ sub update_tuner_version { return; } - #use Cwd; my $update; my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/"; my @scripts = @@ -595,9 +593,9 @@ sub update_tuner_version { debugprint "$httpcli is available."; debugprint - "$httpcli --connect-timeout 5 '$url$script' 2>$devnull > $script"; + "$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script"; $update = - `$httpcli --connect-timeout 5 '$url$script' 2>$devnull > $script`; + `$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script`; chomp($update); debugprint "$script updated: $update"; @@ -614,9 +612,9 @@ sub update_tuner_version { debugprint "$httpcli is available."; debugprint - "$httpcli -qe timestamping=off -T 5 -O $script '$url$script'"; + "$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; $update = - `$httpcli -qe timestamping=off -T 5 -O $script '$url$script'`; + `$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; chomp($update); if ( -s $script eq 0 ) { @@ -651,7 +649,7 @@ sub compare_tuner_version { #exit 0; if ( $remoteversion ne $tunerversion ) { badprint - "There is a new version of MySQLTuner available ($remoteversion)"; + "There is a new version of MySQLTuner available($remoteversion)"; update_tuner_version(); return; } @@ -1170,7 +1168,7 @@ sub log_file_recommandations { badprint "Log file $myvar{'log_error'} is bigger than 32 Mb"; push @generalrec, $myvar{'log_error'} - . "is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; + . " is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; } my @log_content = get_file_contents( $myvar{'log_error'} ); @@ -1541,11 +1539,11 @@ sub get_system_info { my $ext_ip = ""; if ( $httpcli =~ /curl$/ ) { - $ext_ip = infocmd_one "$httpcli ipecho.net/plain"; + $ext_ip = infocmd_one "$httpcli -m 3 ipecho.net/plain"; } elsif ( $httpcli =~ /wget$/ ) { - $ext_ip = infocmd_one "$httpcli -q -O - ipecho.net/plain"; + $ext_ip = infocmd_one "$httpcli -t 1 -T 3 -q -O - ipecho.net/plain"; } infoprint "External IP : " . $ext_ip; $result{'Network'}{'External Ip'} = $ext_ip; @@ -2149,7 +2147,7 @@ sub check_storage_engines { $data_free = $data_free / 1024 / 1024; $total_free += $data_free; push( @generalrec, - " OPTIMIZE TABLE $table_name; -- can free $data_free MB" ); + " OPTIMIZE TABLE `$table_name`; -- can free $data_free MB" ); } push( @generalrec, "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); From dc7ffb01dc45c9b97debb531c0772b8c26406bf6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Apr 2017 00:19:55 +0200 Subject: [PATCH 032/102] bug fix on swappinness to 10 for Galera --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index ab6b975..95ee8e5 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1465,7 +1465,7 @@ sub get_kernel_info { badprint "Swappiness is > 10, please consider having a value lower than 10"; push @generalrec, "setup swappiness lower or equals to 10"; - push @adjvars, 'vm.swappiness <= 10 (echo 0 > /proc/sys/vm/swappiness)'; + push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; } else { infoprint "Swappiness is < 10."; From dda90d669c5cf5f2771101a4886d759881c1775d Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Fri, 21 Apr 2017 00:33:20 +0200 Subject: [PATCH 033/102] Default host should be 127.0.0.1 #312 --- mysqltuner.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 95ee8e5..d513069 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -721,7 +721,7 @@ sub mysql_setup { if ( $opt{socket} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; } - + # Are we being asked to connect to a remote server? if ( $opt{host} ne 0 ) { chomp( $opt{host} ); @@ -739,6 +739,8 @@ sub mysql_setup { if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { $doremote = 1; } + } else { + $opt{host}='127.0.0.1'; } # Did we already get a username without password on the command line? From dbe7ac8818e9ddac25d1463c5e711f5639a3b690 Mon Sep 17 00:00:00 2001 From: Tim Stoop Date: Mon, 24 Apr 2017 22:53:08 +0200 Subject: [PATCH 034/102] Fix typos in Index metrics --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index d513069..8dcd065 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5817,8 +5817,8 @@ ENDSQL $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; - $result{'Indexes'}{ $info[1] }{'Number of collunm'} = $info[3]; - $result{'Indexes'}{ $info[1] }{'Cardianality'} = $info[4]; + $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; + $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; From 5b1dbd3ffaa0b6c9e151ca94f1d16ad747abb06a Mon Sep 17 00:00:00 2001 From: root Date: Mon, 8 May 2017 15:28:35 +0200 Subject: [PATCH 035/102] Update vulnerabilty list --- vulnerabilities.csv | 54 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 1cefc04..6a5557b 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -583,6 +583,20 @@ 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; +3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; +3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; +3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; +3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; +3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; +3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; @@ -597,3 +611,43 @@ 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97779 | URL:http://www.securityfocus.com/bid/97779";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97791 | URL:http://www.securityfocus.com/bid/97791";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97820 | URL:http://www.securityfocus.com/bid/97820";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97845 | URL:http://www.securityfocus.com/bid/97845";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97837 | URL:http://www.securityfocus.com/bid/97837";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97847 | URL:http://www.securityfocus.com/bid/97847";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97826 | URL:http://www.securityfocus.com/bid/97826";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97822 | URL:http://www.securityfocus.com/bid/97822";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97825 | URL:http://www.securityfocus.com/bid/97825";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97848 | URL:http://www.securityfocus.com/bid/97848";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; From f180eae0825b6a9ba5102f8cf84305268debb1e9 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 17 May 2017 16:50:44 +0200 Subject: [PATCH 036/102] Missing argument requirement for cvefile in mysqltuner help #321 Schedule for releases on github #320 --- USAGE.md | 6 +-- mysqltuner.pl | 135 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 84 insertions(+), 57 deletions(-) diff --git a/USAGE.md b/USAGE.md index 3fce554..60dc83b 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.0 - MySQL High Performance Tuning Script + MySQLTuner 1.7.2 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES @@ -45,7 +45,7 @@ You must provide the remote server's total memory when connecting to other serve --pfstat Print Performance schema --bannedports Ports banned separated by comma(,) --maxportallowed Number of ports opened allowed on this hosts - --cvefile CVE File for vulnerability checks + --cvefile CVE File for vulnerability checks --nocolor Don't print output in color --json Print result as JSON string --buffers Print global and per-thread buffer values @@ -122,7 +122,7 @@ Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL # COPYRIGHT AND LICENSE -Copyright (C) 2006-2015 Major Hayden - major@mhtx.net +Copyright (C) 2006-2017 Major Hayden - major@mhtx.net For the latest updates, please visit http://mysqltuner.com/ diff --git a/mysqltuner.pl b/mysqltuner.pl index 8dcd065..01e28d1 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.1 +# mysqltuner.pl - Version 1.7.2 # High Performance MySQL Tuning Script # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # @@ -55,7 +55,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.1"; +my $tunerversion = "1.7.2"; my ( @adjvars, @generalrec ); # Set defaults @@ -174,7 +174,7 @@ sub usage { . " --pfstat Print Performance schema information\n" . " --bannedports Ports banned separated by comma(,)\n" . " --maxportallowed Number of ports opened allowed on this hosts\n" - . " --cvefile CVE File for vulnerability checks\n" + . " --cvefile CVE File for vulnerability checks\n" . " --nocolor Don't print output in color\n" . " --json Print result as JSON string\n" . " --prettyjson Print result as human readable JSON\n" @@ -300,9 +300,10 @@ sub infoprinthcmd { infoprintcmd "$_[1]"; } -# Calculates the number of phyiscal cores considering HyperThreading +# Calculates the number of phyiscal cores considering HyperThreading sub cpu_cores { - my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + my $cntCPU = +`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; return ( $cntCPU == 0 ? `nproc` : $cntCPU ); } @@ -537,7 +538,8 @@ sub validate_tuner_version { } my $update; - my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; + my $url = +"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; my $httpcli = get_http_cli(); if ( $httpcli =~ /curl$/ ) { debugprint "$httpcli is available."; @@ -612,9 +614,9 @@ sub update_tuner_version { debugprint "$httpcli is available."; debugprint - "$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; +"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; $update = - `$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; +`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; chomp($update); if ( -s $script eq 0 ) { @@ -721,7 +723,7 @@ sub mysql_setup { if ( $opt{socket} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; } - + # Are we being asked to connect to a remote server? if ( $opt{host} ne 0 ) { chomp( $opt{host} ); @@ -739,8 +741,9 @@ sub mysql_setup { if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { $doremote = 1; } - } else { - $opt{host}='127.0.0.1'; + } + else { + $opt{host} = '127.0.0.1'; } # Did we already get a username without password on the command line? @@ -869,6 +872,7 @@ sub mysql_setup { } } else { + # It's not Plesk or debian, we should try a login debugprint "$mysqladmincmd $remotestring ping 2>&1"; my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; @@ -1467,7 +1471,8 @@ sub get_kernel_info { badprint "Swappiness is > 10, please consider having a value lower than 10"; push @generalrec, "setup swappiness lower or equals to 10"; - push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; + push @adjvars, + 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; } else { infoprint "Swappiness is < 10."; @@ -1822,7 +1827,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) { @@ -2088,7 +2093,7 @@ sub check_storage_engines { debugprint "Data dump " . Dumper(@$tbl); my ( $engine, $size, $datafree ) = @$tbl; next if $engine eq 'NULL'; - $size = 0 if $size eq 'NULL'; + $size = 0 if $size eq 'NULL'; $datafree = 0 if $datafree eq 'NULL'; if ( defined $enginestats{$engine} ) { $enginestats{$engine} += $size; @@ -2325,7 +2330,7 @@ sub calculations { $myvar{'key_cache_block_size'} ) / $myvar{'key_buffer_size'} ) - ) * 100 + ) * 100 ); } else { @@ -2366,8 +2371,9 @@ sub calculations { } if ( $mystat{'Key_write_requests'} > 0 ) { - $mycalc{'pct_wkeys_from_mem'} = sprintf( - "%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) ); + $mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f", + ( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) + ); } else { $mycalc{'pct_wkeys_from_mem'} = 0; @@ -2411,14 +2417,14 @@ sub calculations { ( $mystat{'Qcache_hits'} / ( $mystat{'Com_select'} + $mystat{'Qcache_hits'} ) - ) * 100 + ) * 100 ); if ( $myvar{'query_cache_size'} ) { $mycalc{'pct_query_cache_used'} = sprintf( "%.1f", 100 - ( $mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'} - ) * 100 + ) * 100 ); } if ( $mystat{'Qcache_lowmem_prunes'} == 0 ) { @@ -2643,7 +2649,7 @@ sub mysql_stats { if ( defined $myvar{'query_cache_type'} ) { infoprint "Query Cache Buffers"; - infoprint " +-- Query Cache: " + infoprint " +-- Query Cache: " . $myvar{'query_cache_type'} . " - " . ( $myvar{'query_cache_type'} eq 0 | @@ -3146,6 +3152,7 @@ sub mysql_myisam { } } else { + # No queries have run that would use keys debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" . hr_num( @@ -3205,6 +3212,7 @@ sub mysql_myisam { } } else { + # No queries have run that would use keys debugprint "Key buffer size / total MyISAM indexes: " . hr_bytes( $myvar{'key_buffer_size'} ) . "/" @@ -3229,6 +3237,7 @@ sub mysql_myisam { } } else { + # No queries have run that would use keys debugprint "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" @@ -5039,11 +5048,11 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores * 4 - or get_wsrep_option('wsrep_slave_threads') < cpu_cores * 3 ) + if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores *4 + or get_wsrep_option('wsrep_slave_threads') < cpu_cores *3 ) { badprint - "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; +"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; } else { @@ -5056,43 +5065,55 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" { badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; - } else { + } + else { goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; } - if (get_wsrep_option('wsrep_slave_threads') > 1) { - infoprint "wsrep parallel slave can cause frequent inconsistency crash."; - push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { + infoprint + "wsrep parallel slave can cause frequent inconsistency crash."; + push @adjvars, +"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + # check options for parallel slave - if (get_wsrep_option('wsrep_slave_FK_checks') eq "OFF") { + if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { badprint "wsrep_slave_FK_checks is off with parallel slave"; - push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; + push @adjvars, + "wsrep_slave_FK_checks should be ON when using parallel slave"; } + # wsrep_slave_UK_checks seems useless in MySQL source code - if ($myvar{'innodb_autoinc_lock_mode'} != 2) { - badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; - push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; + if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { + badprint + "innodb_autoinc_lock_mode is incorrect with parallel slave"; + push @adjvars, + "innodb_autoinc_lock_mode should be 2 when using parallel slave"; } } - - if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { + + if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) + { badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; - } else { + } + else { goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; } - - if (get_wsrep_option('gcs.fc_factor') != 0.8 ) { + + if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) { badprint "gcs.fc_factor should be equal to 0.8"; push @adjvars, "gcs.fc_factor=0.8"; } else { goodprint "gcs.fc_factor is equal to 0.8"; } - if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { + if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { badprint "Fraction of time node pause flow control > 0.02"; - } else { - goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + } + else { + goodprint +"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; } if ( scalar(@primaryKeysNbTables) > 0 ) { @@ -5101,7 +5122,8 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "\t$badtable"; push @{ $result{'Tables without PK'} }, $badtable; } - } else { + } + else { goodprint "All tables get a primary key"; } my @nonInnoDBTables = select_array( @@ -5114,19 +5136,22 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" foreach my $badtable (@nonInnoDBTables) { badprint "\t$badtable"; } - } else { + } + else { goodprint "All tables are InnoDB tables"; } if ( $myvar{'binlog_format'} ne 'ROW' ) { badprint "Binlog format should be in ROW mode."; push @adjvars, "binlog_format = ROW"; - } else { + } + else { goodprint "Binlog format is in ROW mode."; } if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { badprint "InnoDB flush log at each commit should be disabled."; push @adjvars, "innodb_flush_log_at_trx_commit = 0"; - } else { + } + else { goodprint "InnoDB flush log at each commit is disabled for Galera."; } @@ -5815,13 +5840,13 @@ ENDSQL infoprint " +-- TYPE : " . $info[6]; infoprint " +-- SELECTIVITY : " . $info[7] . "%"; - $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; - $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; - $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; - $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; - $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; - $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; - $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; + $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; + $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; + $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; + $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; + $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; + $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; + $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; if ( $info[7] < 25 ) { badprint "$info[1] has a low selectivity"; } @@ -5917,6 +5942,7 @@ if ( $opt{'template'} ne 0 ) { $templateModel = file2string( $opt{'template'} ); } else { + # DEFAULT REPORT TEMPLATE $templateModel = <<'END_TEMPLATE'; @@ -6037,13 +6063,14 @@ close_outputfile; # Close reportfile if needed 1; __END__ + =pod =encoding UTF-8 =head1 NAME - MySQLTuner 1.7.1 - MySQL High Performance Tuning Script + MySQLTuner 1.7.2 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES @@ -6088,7 +6115,7 @@ You must provide the remote server's total memory when connecting to other serve --pfstat Print Performance schema --bannedports Ports banned separated by comma(,) --maxportallowed Number of ports opened allowed on this hosts - --cvefile CVE File for vulnerability checks + --cvefile CVE File for vulnerability checks --nocolor Don't print output in color --json Print result as JSON string --buffers Print global and per-thread buffer values @@ -6271,7 +6298,7 @@ L =head1 COPYRIGHT AND LICENSE -Copyright (C) 2006-2015 Major Hayden - major@mhtx.net +Copyright (C) 2006-2017 Major Hayden - major@mhtx.net For the latest updates, please visit http://mysqltuner.com/ From 21860fe39546c827dfb9b6a9162984cea79b1d22 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 17 May 2017 17:38:17 +0200 Subject: [PATCH 037/102] Incorrect suggestion for ratio InnoDB log file size / InnoDB buffer pool size #322 --- mysqltuner.pl | 125 ++++++++++++++++++++------------------------------ 1 file changed, 49 insertions(+), 76 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 01e28d1..9aca567 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -300,10 +300,9 @@ sub infoprinthcmd { infoprintcmd "$_[1]"; } -# Calculates the number of phyiscal cores considering HyperThreading +# Calculates the number of phyiscal cores considering HyperThreading sub cpu_cores { - my $cntCPU = -`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; return ( $cntCPU == 0 ? `nproc` : $cntCPU ); } @@ -538,8 +537,7 @@ sub validate_tuner_version { } my $update; - my $url = -"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; + my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; my $httpcli = get_http_cli(); if ( $httpcli =~ /curl$/ ) { debugprint "$httpcli is available."; @@ -614,9 +612,9 @@ sub update_tuner_version { debugprint "$httpcli is available."; debugprint -"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; + "$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; $update = -`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; + `$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; chomp($update); if ( -s $script eq 0 ) { @@ -723,7 +721,7 @@ sub mysql_setup { if ( $opt{socket} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; } - + # Are we being asked to connect to a remote server? if ( $opt{host} ne 0 ) { chomp( $opt{host} ); @@ -741,9 +739,8 @@ sub mysql_setup { if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { $doremote = 1; } - } - else { - $opt{host} = '127.0.0.1'; + } else { + $opt{host}='127.0.0.1'; } # Did we already get a username without password on the command line? @@ -872,7 +869,6 @@ sub mysql_setup { } } else { - # It's not Plesk or debian, we should try a login debugprint "$mysqladmincmd $remotestring ping 2>&1"; my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; @@ -1471,8 +1467,7 @@ sub get_kernel_info { badprint "Swappiness is > 10, please consider having a value lower than 10"; push @generalrec, "setup swappiness lower or equals to 10"; - push @adjvars, - 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; + push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; } else { infoprint "Swappiness is < 10."; @@ -1827,7 +1822,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) { @@ -2093,7 +2088,7 @@ sub check_storage_engines { debugprint "Data dump " . Dumper(@$tbl); my ( $engine, $size, $datafree ) = @$tbl; next if $engine eq 'NULL'; - $size = 0 if $size eq 'NULL'; + $size = 0 if $size eq 'NULL'; $datafree = 0 if $datafree eq 'NULL'; if ( defined $enginestats{$engine} ) { $enginestats{$engine} += $size; @@ -2330,7 +2325,7 @@ sub calculations { $myvar{'key_cache_block_size'} ) / $myvar{'key_buffer_size'} ) - ) * 100 + ) * 100 ); } else { @@ -2371,9 +2366,8 @@ sub calculations { } if ( $mystat{'Key_write_requests'} > 0 ) { - $mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f", - ( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) - ); + $mycalc{'pct_wkeys_from_mem'} = sprintf( + "%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) ); } else { $mycalc{'pct_wkeys_from_mem'} = 0; @@ -2417,14 +2411,14 @@ sub calculations { ( $mystat{'Qcache_hits'} / ( $mystat{'Com_select'} + $mystat{'Qcache_hits'} ) - ) * 100 + ) * 100 ); if ( $myvar{'query_cache_size'} ) { $mycalc{'pct_query_cache_used'} = sprintf( "%.1f", 100 - ( $mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'} - ) * 100 + ) * 100 ); } if ( $mystat{'Qcache_lowmem_prunes'} == 0 ) { @@ -2649,7 +2643,7 @@ sub mysql_stats { if ( defined $myvar{'query_cache_type'} ) { infoprint "Query Cache Buffers"; - infoprint " +-- Query Cache: " + infoprint " +-- Query Cache: " . $myvar{'query_cache_type'} . " - " . ( $myvar{'query_cache_type'} eq 0 | @@ -3152,7 +3146,6 @@ sub mysql_myisam { } } else { - # No queries have run that would use keys debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" . hr_num( @@ -3212,7 +3205,6 @@ sub mysql_myisam { } } else { - # No queries have run that would use keys debugprint "Key buffer size / total MyISAM indexes: " . hr_bytes( $myvar{'key_buffer_size'} ) . "/" @@ -3237,7 +3229,6 @@ sub mysql_myisam { } } else { - # No queries have run that would use keys debugprint "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" @@ -5048,11 +5039,11 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores *4 - or get_wsrep_option('wsrep_slave_threads') < cpu_cores *3 ) + if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores * 4 + or get_wsrep_option('wsrep_slave_threads') < cpu_cores * 3 ) { badprint -"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; + "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; } else { @@ -5065,55 +5056,43 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" { badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; - } - else { + } else { goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; } - if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { - infoprint - "wsrep parallel slave can cause frequent inconsistency crash."; - push @adjvars, -"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; - + if (get_wsrep_option('wsrep_slave_threads') > 1) { + infoprint "wsrep parallel slave can cause frequent inconsistency crash."; + push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; # check options for parallel slave - if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { + if (get_wsrep_option('wsrep_slave_FK_checks') eq "OFF") { badprint "wsrep_slave_FK_checks is off with parallel slave"; - push @adjvars, - "wsrep_slave_FK_checks should be ON when using parallel slave"; + push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; } - # wsrep_slave_UK_checks seems useless in MySQL source code - if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { - badprint - "innodb_autoinc_lock_mode is incorrect with parallel slave"; - push @adjvars, - "innodb_autoinc_lock_mode should be 2 when using parallel slave"; + if ($myvar{'innodb_autoinc_lock_mode'} != 2) { + badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; + push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; } } - - if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) - { + + if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; - } - else { + } else { goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; } - - if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) { + + if (get_wsrep_option('gcs.fc_factor') != 0.8 ) { badprint "gcs.fc_factor should be equal to 0.8"; push @adjvars, "gcs.fc_factor=0.8"; } else { goodprint "gcs.fc_factor is equal to 0.8"; } - if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { + if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { badprint "Fraction of time node pause flow control > 0.02"; - } - else { - goodprint -"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + } else { + goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; } if ( scalar(@primaryKeysNbTables) > 0 ) { @@ -5122,8 +5101,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "\t$badtable"; push @{ $result{'Tables without PK'} }, $badtable; } - } - else { + } else { goodprint "All tables get a primary key"; } my @nonInnoDBTables = select_array( @@ -5136,22 +5114,19 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" foreach my $badtable (@nonInnoDBTables) { badprint "\t$badtable"; } - } - else { + } else { goodprint "All tables are InnoDB tables"; } if ( $myvar{'binlog_format'} ne 'ROW' ) { badprint "Binlog format should be in ROW mode."; push @adjvars, "binlog_format = ROW"; - } - else { + } else { goodprint "Binlog format is in ROW mode."; } if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { badprint "InnoDB flush log at each commit should be disabled."; push @adjvars, "innodb_flush_log_at_trx_commit = 0"; - } - else { + } else { goodprint "InnoDB flush log at each commit is disabled for Galera."; } @@ -5417,7 +5392,7 @@ sub mysql_innodb { . " should be equal 25%"; push( @adjvars, -"innodb_log_file_size * innodb_log_files_in_group should be equals to 1/4 of buffer pool size (=" +"innodb_log_file_size * innodb_log_files_in_group should be equal to 1/4 of buffer pool size (=" . hr_bytes_rnd( $myvar{'innodb_buffer_pool_size'} * $myvar{'innodb_log_files_in_group'} / 4 @@ -5840,13 +5815,13 @@ ENDSQL infoprint " +-- TYPE : " . $info[6]; infoprint " +-- SELECTIVITY : " . $info[7] . "%"; - $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; - $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; - $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; - $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; - $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; - $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; - $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; + $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; + $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; + $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; + $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; + $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; + $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; + $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; if ( $info[7] < 25 ) { badprint "$info[1] has a low selectivity"; } @@ -5942,7 +5917,6 @@ if ( $opt{'template'} ne 0 ) { $templateModel = file2string( $opt{'template'} ); } else { - # DEFAULT REPORT TEMPLATE $templateModel = <<'END_TEMPLATE'; @@ -6063,7 +6037,6 @@ close_outputfile; # Close reportfile if needed 1; __END__ - =pod =encoding UTF-8 From 29fb53694e73484b9ad04e115010b204cd4b3b26 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 19 May 2017 02:06:36 +0200 Subject: [PATCH 038/102] Support column analysis with produre analyse --- mysqltuner.pl | 99 ++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 87 insertions(+), 12 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 9aca567..a1fb6a9 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -988,6 +988,35 @@ sub select_one { return $result; } +# MySQL Request one +sub select_one_g { + my $pattern = shift; + + my $req = shift; + debugprint "PERFORM: $req "; + my @result = `$mysqlcmd $mysqllogin -re "\\w$req\\G" 2>>/dev/null`; + if ( $? != 0 ) { + badprint "failed to execute: $req"; + badprint "FAIL Execute SQL / return code: $?"; + debugprint "CMD : $mysqlcmd"; + debugprint "OPTIONS: $mysqllogin"; + debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; + + #exit $?; + } + debugprint "select_array: return code : $?"; + chomp(@result); + return (grep { /$pattern/ } @result)[0]; +} +sub select_str_g { + my $pattern = shift; + + my $req = shift; + my $str=select_one_g $pattern, $req; + my @val=split /:/, $str; + shift @val; + return trim(@val); +} sub get_tuning_info { my @infoconn = select_array "\\s"; my ( $tkey, $tval ); @@ -5577,13 +5606,13 @@ sub mysql_databases { return; } - my @dblist = select_array("SHOW DATABASES;"); + my @dblist = select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"); infoprint "There is " . scalar(@dblist) . " Database(s)."; my @totaldbinfo = split /\s/, select_one( -"SELECT SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql' );" +"SELECT SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" ); - infoprint "All Databases:"; + infoprint "All User Databases:"; infoprint " +-- TABLE : " . ( $totaldbinfo[4] eq 'NULL' ? 0 : $totaldbinfo[4] ) . ""; infoprint " +-- ROWS : " @@ -5621,15 +5650,6 @@ sub mysql_databases { print "\n" unless ( $opt{'silent'} or $opt{'json'} ); foreach (@dblist) { - chomp($_); - if ( $_ eq "information_schema" - or $_ eq "performance_schema" - or $_ eq "mysql" - or $_ eq "" ) - { - next; - } - my @dbinfo = split /\s/, select_one( "SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE),COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" @@ -5749,6 +5769,58 @@ sub mysql_databases { } + +# Recommendations for database columns +sub mysql_tables { + return if ( $opt{dbstat} == 0 ); + + subheaderprint "Table Column Metrics"; + unless ( mysql_version_ge( 5, 5 ) ) { + infoprint +"Skip Database metrics from information schema missing in this version"; + return; + } + my @dblist = select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"); + foreach (@dblist) { + my $dbname=$_; + next unless defined $_; + infoprint "Database: " . $_ . ""; + my @dbtable = select_array( +"SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname' AND TABLE_TYPE='BASE TABLE' ORDER BY TABLE_NAME" + ); + foreach(@dbtable) { + my $tbname=$_; + infoprint " +-- TABLE: $tbname"; + my @tbcol=select_array( +"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" ); + foreach(@tbcol) { + my $ctype=select_one( +"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " ); + my $isnull=select_one( +"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " ); + infoprint " +-- Column $tbname.$_:" ; + my $current_type=uc($ctype). ($isnull eq 'NO'?" NOT NULL":""); + my $optimal_type=select_str_g("Optimal_fieldtype", "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)"); + + if ( $current_type ne $optimal_type ) + { + infoprint " Current Fieldtype: $current_type"; + infoprint " Optimal Fieldtype: $optimal_type"; + badprint + "Consider changing type for column $_ in table $dbname.$tbname"; + push( @generalrec, + "ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;" ); + + } + else { + goodprint "$dbname.$tbname ($_) type: $current_type"; + } + } + } + + } +} + # Recommendations for Indexes metrics sub mysql_indexes { return if ( $opt{idxstat} == 0 ); @@ -5998,6 +6070,7 @@ sub which { # BEGIN 'MAIN' # --------------------------------------------------------------------------- headerprint; # Header Print + validate_tuner_version; # Check last version mysql_setup; # Gotta login first os_setup; # Set up some OS variables @@ -6010,6 +6083,8 @@ system_recommendations; # avoid to many service on the same host log_file_recommandations; # check log file content check_storage_engines; # Show enabled storage engines mysql_databases; # Show informations about databases +mysql_tables; # Show informations about table column + mysql_indexes; # Show informations about indexes security_recommendations; # Display some security recommendations cve_recommendations; # Display related CVE From 5fce4fc0ee1d2ca2d1d7842cdb9719060f41dd25 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Fri, 19 May 2017 09:36:33 +0200 Subject: [PATCH 039/102] Adding a note for XtraDB --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 9aca567..ff03223 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -4906,7 +4906,7 @@ sub mariadb_xtradb { return; } infoprint "XtraDB is enabled."; - + infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB." # All is to done here } From 821de219dbe48d81094fe075d0b226a227cc9e90 Mon Sep 17 00:00:00 2001 From: Askar Timirgazin Date: Tue, 23 May 2017 17:26:20 +0300 Subject: [PATCH 040/102] Fix for messages about defragmented tables Schema name must be divided from table name, now both of them joined, so you can't copy-paste recomendations to mysql console. Was: OPTIMIZE TABLE `test_db.test_table`; -- can free xx MB Must: OPTIMIZE TABLE `test_db`.`test_table`; -- can free xx MB --- mysqltuner.pl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 15cf06c..75b6326 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2173,12 +2173,13 @@ sub check_storage_engines { "Run OPTIMIZE TABLE to defragment tables for better performance" ); my $total_free = 0; foreach my $table_line ( @{ $result{'Tables'}{'Fragmented tables'} } ) { - my ( $table_name, $data_free ) = split( /\s+/, $table_line ); + my ( $full_table_name, $data_free ) = split( /\s+/, $table_line ); $data_free = 0 if ( !defined($data_free) or $data_free eq '' ); $data_free = $data_free / 1024 / 1024; $total_free += $data_free; + my ( $table_schema, $table_name ) = split( /\./, $full_table_name ); push( @generalrec, - " OPTIMIZE TABLE `$table_name`; -- can free $data_free MB" ); + " OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" ); } push( @generalrec, "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); From 0de0df36fa8f18b02759cbd5acdfe46f2e97685c Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 31 May 2017 14:57:47 +0200 Subject: [PATCH 041/102] New vulnerabilities list --- vulnerabilities.csv | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 6a5557b..87ee228 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -583,8 +583,8 @@ 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; 3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; 3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; From cb0acfe3191914dbfc02c7833e8fdebbfff8c25b Mon Sep 17 00:00:00 2001 From: Vladislav Toigildin Date: Thu, 15 Jun 2017 20:53:20 +0300 Subject: [PATCH 042/102] fix: add newlines before pod command paragraph + newline before __END__ --- mysqltuner.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index 75b6326..f4d5f6f 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -6113,6 +6113,7 @@ close_outputfile; # Close reportfile if needed 1; __END__ + =pod =encoding UTF-8 @@ -6140,6 +6141,7 @@ You must provide the remote server's total memory when connecting to other serve --mysqladmin Path to a custom mysqladmin executable --mysqlcmd Path to a custom mysql executable --defaults-file Path to a custom .my.cnf + =head1 PERFORMANCE AND REPORTING OPTIONS --skipsize Don't enumerate tables and their types/sizes (default: on) @@ -6172,6 +6174,7 @@ You must provide the remote server's total memory when connecting to other serve --reportfile Path to a report txt file --template Path to a template file --verbose Prints out all options (default: no verbose) + =head1 PERLDOC You can find documentation for this module with the perldoc command. From 1aec239039421505f2d1f11d4961fd8813fc5165 Mon Sep 17 00:00:00 2001 From: Vladislav Toigildin Date: Thu, 15 Jun 2017 21:52:14 +0300 Subject: [PATCH 043/102] output help message using pod2usage instead duplicating pod documentation in usage() function --- mysqltuner.pl | 77 ++++++++------------------------------------------- 1 file changed, 11 insertions(+), 66 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index f4d5f6f..2ed2af2 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -45,6 +45,7 @@ use warnings; use diagnostics; use File::Spec; use Getopt::Long; +use Pod::Usage; use File::Basename; use Cwd 'abs_path'; @@ -97,7 +98,7 @@ my %opt = ( ); # Gather the options from the command line -my $getOptionsCheck = GetOptions( +GetOptions( \%opt, 'nobad', 'nogood', 'noinfo', 'debug', 'nocolor', @@ -119,72 +120,16 @@ my $getOptionsCheck = GetOptions( 'password=s', 'pfstat', 'passenv=s', 'userenv=s', 'defaults-file=s' -); +) or pod2usage(-exitval => 1, -verbose => 99, + -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION", + "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] + ); -#If params are incorrect return help -if ( $getOptionsCheck ne 1 ) { - usage(); -} - -if ( defined $opt{'help'} && $opt{'help'} == 1 ) { usage(); } - -sub usage { - - # Shown with --help option passed - print " MySQLTuner $tunerversion - MySQL High Performance Tuning Script\n" - . " Bug reports, feature requests, and downloads at http://mysqltuner.com/\n" - . " Maintained by Major Hayden (major\@mhtx.net) - Licensed under GPL\n" - . "\n" - . " Important Usage Guidelines:\n" - . " To run the script with the default options, run the script without arguments\n" - . " Allow MySQL server to run for at least 24-48 hours before trusting suggestions\n" - . " Some routines may require root level privileges (script will provide warnings)\n" - . " You must provide the remote server's total memory when connecting to other servers\n" - . "\n" - . " Connection and Authentication\n" - . " --host Connect to a remote host to perform tests (default: localhost)\n" - . " --socket Use a different socket for a local connection\n" - . " --port Port to use for connection (default: 3306)\n" - . " --user Username to use for authentication\n" - . " --userenv Name of env variable which contains username to use for authentication\n" - . " --pass Password to use for authentication\n" - . " --passenv Name of env variable which contains password to use for authentication\n" - . " --defaults-file Path to a custom .my.cnf\n" - . " --mysqladmin Path to a custom mysqladmin executable\n" - . " --mysqlcmd Path to a custom mysql executable\n" . "\n" - . " --noask Don't ask password if needed\n" . "\n" - . " Performance and Reporting Options\n" - . " --skipsize Don't enumerate tables and their types/sizes (default: on)\n" - . " (Recommended for servers with many tables)\n" - . " --skippassword Don't perform checks on user passwords(default: off)\n" - . " --checkversion Check for updates to MySQLTuner (default: don't check)\n" - . " --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check)\n" - . " --forcemem Amount of RAM installed in megabytes\n" - . " --forceswap Amount of swap memory configured in megabytes\n" - . " --passwordfile Path to a password file list(one password by line)\n" - . " Output Options:\n" - . " --silent Don't output anything on screen\n" - . " --nogood Remove OK responses\n" - . " --nobad Remove negative/suggestion responses\n" - . " --noinfo Remove informational responses\n" - . " --debug Print debug information\n" - . " --dbstat Print database information\n" - . " --idxstat Print index information\n" - . " --sysstat Print system information\n" - . " --pfstat Print Performance schema information\n" - . " --bannedports Ports banned separated by comma(,)\n" - . " --maxportallowed Number of ports opened allowed on this hosts\n" - . " --cvefile CVE File for vulnerability checks\n" - . " --nocolor Don't print output in color\n" - . " --json Print result as JSON string\n" - . " --prettyjson Print result as human readable JSON\n" - . " --buffers Print global and per-thread buffer values\n" - . " --outputfile Path to a output txt file\n" . "\n" - . " --reportfile Path to a report txt file\n" . "\n" - . " --template Path to a template file\n" . "\n" - . " --verbose Prints out all options (default: no verbose) \n" - . "\n"; - exit 0; +if ( defined $opt{'help'} && $opt{'help'} == 1 ) { + pod2usage(-exitval => 0, -verbose => 99, + -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION", + "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] + ); } my $devnull = File::Spec->devnull(); From 84c1bbafae60aa41c0f3d972e6e5ad31f713cdbe Mon Sep 17 00:00:00 2001 From: Vladislav Toigildin Date: Thu, 15 Jun 2017 21:57:07 +0300 Subject: [PATCH 044/102] refactoring: pod documentation --- mysqltuner.pl | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 2ed2af2..ae29b10 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -6076,16 +6076,16 @@ You must provide the remote server's total memory when connecting to other serve =head1 CONNECTION AND AUTHENTIFICATION - --host Connect to a remote host to perform tests (default: localhost) - --socket Use a different socket for a local connection - --port Port to use for connection (default: 3306) - --user Username to use for authentication - --userenv Name of env variable which contains username to use for authentication - --pass Password to use for authentication - --passenv Name of env variable which contains password to use for authentication - --mysqladmin Path to a custom mysqladmin executable - --mysqlcmd Path to a custom mysql executable - --defaults-file Path to a custom .my.cnf + --host Connect to a remote host to perform tests (default: localhost) + --socket Use a different socket for a local connection + --port Port to use for connection (default: 3306) + --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication + --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication + --mysqladmin Path to a custom mysqladmin executable + --mysqlcmd Path to a custom mysql executable + --defaults-file Path to a custom .my.cnf =head1 PERFORMANCE AND REPORTING OPTIONS From 9b2fcd85f0e3dc1247d9330a9877e54e8ffb5050 Mon Sep 17 00:00:00 2001 From: Andrew Daugherity Date: Fri, 16 Jun 2017 16:25:44 -0500 Subject: [PATCH 045/102] fix micro version comparison Both the minor *and* the major versions need to match before checking the micro version. --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 75b6326..57b4e19 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1902,7 +1902,7 @@ sub mysql_version_ge { return int($mysqlvermajor) > int($maj) || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) ) - || ( int($mysqlverminor) == int($min) + || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) && int($mysqlvermicro) >= int($mic) ); } @@ -1914,7 +1914,7 @@ sub mysql_version_le { return int($mysqlvermajor) < int($maj) || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) ) - || ( int($mysqlverminor) == int($min) + || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) && int($mysqlvermicro) <= int($mic) ); } From 77bcb72702cfc27aefff5cde18a54569138d1782 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 5 Jul 2017 11:51:33 +0200 Subject: [PATCH 046/102] Update vulnerabilities list --- USAGE.md | 28 ++--- mysqltuner.pl | 252 +++++++++++++++++++++++++++----------------- vulnerabilities.csv | 140 ++++++++++++------------ 3 files changed, 239 insertions(+), 181 deletions(-) diff --git a/USAGE.md b/USAGE.md index 60dc83b..cfac532 100644 --- a/USAGE.md +++ b/USAGE.md @@ -11,17 +11,18 @@ You must provide the remote server's total memory when connecting to other serve # CONNECTION AND AUTHENTIFICATION - --host Connect to a remote host to perform tests (default: localhost) - --socket Use a different socket for a local connection - --port Port to use for connection (default: 3306) - --user Username to use for authentication - --userenv Name of env variable which contains username to use for authentication - --pass Password to use for authentication - --passenv Name of env variable which contains password to use for authentication - --mysqladmin Path to a custom mysqladmin executable - --mysqlcmd Path to a custom mysql executable - --defaults-file Path to a custom .my.cnf - =head1 PERFORMANCE AND REPORTING OPTIONS + --host Connect to a remote host to perform tests (default: localhost) + --socket Use a different socket for a local connection + --port Port to use for connection (default: 3306) + --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication + --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication + --mysqladmin Path to a custom mysqladmin executable + --mysqlcmd Path to a custom mysql executable + --defaults-file Path to a custom .my.cnf + +# PERFORMANCE AND REPORTING OPTIONS --skipsize Don't enumerate tables and their types/sizes (default: on) (Recommended for servers with many tables) @@ -53,7 +54,8 @@ You must provide the remote server's total memory when connecting to other serve --reportfile Path to a report txt file --template Path to a template file --verbose Prints out all options (default: no verbose) - =head1 PERLDOC + +# PERLDOC You can find documentation for this module with the perldoc command. @@ -140,4 +142,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License -along with this program. If not, see . +along with this program. If not, see <http://www.gnu.org/licenses/>. diff --git a/mysqltuner.pl b/mysqltuner.pl index 70357a3..39ee8df 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -120,16 +120,31 @@ GetOptions( 'password=s', 'pfstat', 'passenv=s', 'userenv=s', 'defaults-file=s' -) or pod2usage(-exitval => 1, -verbose => 99, - -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION", - "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] - ); + ) + or pod2usage( + -exitval => 1, + -verbose => 99, + -sections => [ + "NAME", + "IMPORTANT USAGE GUIDELINES", + "CONNECTION AND AUTHENTIFICATION", + "PERFORMANCE AND REPORTING OPTIONS", + "OUTPUT OPTIONS" + ] + ); if ( defined $opt{'help'} && $opt{'help'} == 1 ) { - pod2usage(-exitval => 0, -verbose => 99, - -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION", - "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] - ); + pod2usage( + -exitval => 0, + -verbose => 99, + -sections => [ + "NAME", + "IMPORTANT USAGE GUIDELINES", + "CONNECTION AND AUTHENTIFICATION", + "PERFORMANCE AND REPORTING OPTIONS", + "OUTPUT OPTIONS" + ] + ); } my $devnull = File::Spec->devnull(); @@ -245,9 +260,10 @@ sub infoprinthcmd { infoprintcmd "$_[1]"; } -# Calculates the number of phyiscal cores considering HyperThreading +# Calculates the number of phyiscal cores considering HyperThreading sub cpu_cores { - my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + my $cntCPU = +`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; return ( $cntCPU == 0 ? `nproc` : $cntCPU ); } @@ -482,7 +498,8 @@ sub validate_tuner_version { } my $update; - my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; + my $url = +"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; my $httpcli = get_http_cli(); if ( $httpcli =~ /curl$/ ) { debugprint "$httpcli is available."; @@ -557,9 +574,9 @@ sub update_tuner_version { debugprint "$httpcli is available."; debugprint - "$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; +"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; $update = - `$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; +`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; chomp($update); if ( -s $script eq 0 ) { @@ -666,7 +683,7 @@ sub mysql_setup { if ( $opt{socket} ne 0 ) { $remotestring = " -S $opt{socket} -P $opt{port}"; } - + # Are we being asked to connect to a remote server? if ( $opt{host} ne 0 ) { chomp( $opt{host} ); @@ -684,8 +701,9 @@ sub mysql_setup { if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { $doremote = 1; } - } else { - $opt{host}='127.0.0.1'; + } + else { + $opt{host} = '127.0.0.1'; } # Did we already get a username without password on the command line? @@ -814,6 +832,7 @@ sub mysql_setup { } } else { + # It's not Plesk or debian, we should try a login debugprint "$mysqladmincmd $remotestring ping 2>&1"; my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; @@ -936,7 +955,7 @@ sub select_one { # MySQL Request one sub select_one_g { my $pattern = shift; - + my $req = shift; debugprint "PERFORM: $req "; my @result = `$mysqlcmd $mysqllogin -re "\\w$req\\G" 2>>/dev/null`; @@ -951,17 +970,19 @@ sub select_one_g { } debugprint "select_array: return code : $?"; chomp(@result); - return (grep { /$pattern/ } @result)[0]; + return ( grep { /$pattern/ } @result )[0]; } + sub select_str_g { my $pattern = shift; - + my $req = shift; - my $str=select_one_g $pattern, $req; - my @val=split /:/, $str; + my $str = select_one_g $pattern, $req; + my @val = split /:/, $str; shift @val; return trim(@val); } + sub get_tuning_info { my @infoconn = select_array "\\s"; my ( $tkey, $tval ); @@ -1441,7 +1462,8 @@ sub get_kernel_info { badprint "Swappiness is > 10, please consider having a value lower than 10"; push @generalrec, "setup swappiness lower or equals to 10"; - push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; + push @adjvars, + 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; } else { infoprint "Swappiness is < 10."; @@ -1796,7 +1818,7 @@ sub get_replication_status { "This replication slave is not running but seems to be configured."; } if ( defined($io_running) - && $io_running =~ /yes/i + && $io_running =~ /yes/i && $sql_running =~ /yes/i ) { if ( $myvar{'read_only'} eq 'OFF' ) { @@ -1847,7 +1869,8 @@ sub mysql_version_ge { return int($mysqlvermajor) > int($maj) || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) ) - || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) + || ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) && int($mysqlvermicro) >= int($mic) ); } @@ -1859,7 +1882,8 @@ sub mysql_version_le { return int($mysqlvermajor) < int($maj) || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) ) - || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) + || ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) && int($mysqlvermicro) <= int($mic) ); } @@ -2062,7 +2086,7 @@ sub check_storage_engines { debugprint "Data dump " . Dumper(@$tbl); my ( $engine, $size, $datafree ) = @$tbl; next if $engine eq 'NULL'; - $size = 0 if $size eq 'NULL'; + $size = 0 if $size eq 'NULL'; $datafree = 0 if $datafree eq 'NULL'; if ( defined $enginestats{$engine} ) { $enginestats{$engine} += $size; @@ -2124,7 +2148,8 @@ sub check_storage_engines { $total_free += $data_free; my ( $table_schema, $table_name ) = split( /\./, $full_table_name ); push( @generalrec, - " OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" ); +" OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" + ); } push( @generalrec, "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); @@ -2300,7 +2325,7 @@ sub calculations { $myvar{'key_cache_block_size'} ) / $myvar{'key_buffer_size'} ) - ) * 100 + ) * 100 ); } else { @@ -2341,8 +2366,9 @@ sub calculations { } if ( $mystat{'Key_write_requests'} > 0 ) { - $mycalc{'pct_wkeys_from_mem'} = sprintf( - "%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) ); + $mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f", + ( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) + ); } else { $mycalc{'pct_wkeys_from_mem'} = 0; @@ -2386,14 +2412,14 @@ sub calculations { ( $mystat{'Qcache_hits'} / ( $mystat{'Com_select'} + $mystat{'Qcache_hits'} ) - ) * 100 + ) * 100 ); if ( $myvar{'query_cache_size'} ) { $mycalc{'pct_query_cache_used'} = sprintf( "%.1f", 100 - ( $mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'} - ) * 100 + ) * 100 ); } if ( $mystat{'Qcache_lowmem_prunes'} == 0 ) { @@ -2618,7 +2644,7 @@ sub mysql_stats { if ( defined $myvar{'query_cache_type'} ) { infoprint "Query Cache Buffers"; - infoprint " +-- Query Cache: " + infoprint " +-- Query Cache: " . $myvar{'query_cache_type'} . " - " . ( $myvar{'query_cache_type'} eq 0 | @@ -3121,6 +3147,7 @@ sub mysql_myisam { } } else { + # No queries have run that would use keys debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" . hr_num( @@ -3180,6 +3207,7 @@ sub mysql_myisam { } } else { + # No queries have run that would use keys debugprint "Key buffer size / total MyISAM indexes: " . hr_bytes( $myvar{'key_buffer_size'} ) . "/" @@ -3204,6 +3232,7 @@ sub mysql_myisam { } } else { + # No queries have run that would use keys debugprint "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" @@ -4882,7 +4911,8 @@ sub mariadb_xtradb { } infoprint "XtraDB is enabled."; infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB." - # All is to done here + + # All is to done here } # Recommendations for RocksDB @@ -5014,11 +5044,11 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores * 4 - or get_wsrep_option('wsrep_slave_threads') < cpu_cores * 3 ) + if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores *4 + or get_wsrep_option('wsrep_slave_threads') < cpu_cores *3 ) { badprint - "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; +"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4"; } else { @@ -5031,43 +5061,55 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" { badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; - } else { + } + else { goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; } - if (get_wsrep_option('wsrep_slave_threads') > 1) { - infoprint "wsrep parallel slave can cause frequent inconsistency crash."; - push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { + infoprint + "wsrep parallel slave can cause frequent inconsistency crash."; + push @adjvars, +"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + # check options for parallel slave - if (get_wsrep_option('wsrep_slave_FK_checks') eq "OFF") { + if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { badprint "wsrep_slave_FK_checks is off with parallel slave"; - push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; + push @adjvars, + "wsrep_slave_FK_checks should be ON when using parallel slave"; } + # wsrep_slave_UK_checks seems useless in MySQL source code - if ($myvar{'innodb_autoinc_lock_mode'} != 2) { - badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; - push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; + if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { + badprint + "innodb_autoinc_lock_mode is incorrect with parallel slave"; + push @adjvars, + "innodb_autoinc_lock_mode should be 2 when using parallel slave"; } } - - if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { + + if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) + { badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; - } else { + } + else { goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; } - - if (get_wsrep_option('gcs.fc_factor') != 0.8 ) { + + if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) { badprint "gcs.fc_factor should be equal to 0.8"; push @adjvars, "gcs.fc_factor=0.8"; } else { goodprint "gcs.fc_factor is equal to 0.8"; } - if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { + if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { badprint "Fraction of time node pause flow control > 0.02"; - } else { - goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + } + else { + goodprint +"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; } if ( scalar(@primaryKeysNbTables) > 0 ) { @@ -5076,7 +5118,8 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "\t$badtable"; push @{ $result{'Tables without PK'} }, $badtable; } - } else { + } + else { goodprint "All tables get a primary key"; } my @nonInnoDBTables = select_array( @@ -5089,19 +5132,22 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" foreach my $badtable (@nonInnoDBTables) { badprint "\t$badtable"; } - } else { + } + else { goodprint "All tables are InnoDB tables"; } if ( $myvar{'binlog_format'} ne 'ROW' ) { badprint "Binlog format should be in ROW mode."; push @adjvars, "binlog_format = ROW"; - } else { + } + else { goodprint "Binlog format is in ROW mode."; } if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { badprint "InnoDB flush log at each commit should be disabled."; push @adjvars, "innodb_flush_log_at_trx_commit = 0"; - } else { + } + else { goodprint "InnoDB flush log at each commit is disabled for Galera."; } @@ -5552,7 +5598,9 @@ sub mysql_databases { return; } - my @dblist = select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"); + my @dblist = select_array( +"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" + ); infoprint "There is " . scalar(@dblist) . " Database(s)."; my @totaldbinfo = split /\s/, select_one( @@ -5715,7 +5763,6 @@ sub mysql_databases { } - # Recommendations for database columns sub mysql_tables { return if ( $opt{dbstat} == 0 ); @@ -5726,44 +5773,52 @@ sub mysql_tables { "Skip Database metrics from information schema missing in this version"; return; } - my @dblist = select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"); + my @dblist = select_array( +"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" + ); foreach (@dblist) { - my $dbname=$_; + my $dbname = $_; next unless defined $_; infoprint "Database: " . $_ . ""; my @dbtable = select_array( "SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname' AND TABLE_TYPE='BASE TABLE' ORDER BY TABLE_NAME" - ); - foreach(@dbtable) { - my $tbname=$_; + ); + foreach (@dbtable) { + my $tbname = $_; infoprint " +-- TABLE: $tbname"; - my @tbcol=select_array( -"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" ); - foreach(@tbcol) { - my $ctype=select_one( -"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " ); - my $isnull=select_one( -"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " ); - infoprint " +-- Column $tbname.$_:" ; - my $current_type=uc($ctype). ($isnull eq 'NO'?" NOT NULL":""); - my $optimal_type=select_str_g("Optimal_fieldtype", "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)"); - - if ( $current_type ne $optimal_type ) - { - infoprint " Current Fieldtype: $current_type"; - infoprint " Optimal Fieldtype: $optimal_type"; - badprint - "Consider changing type for column $_ in table $dbname.$tbname"; - push( @generalrec, - "ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;" ); + my @tbcol = select_array( +"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" + ); + foreach (@tbcol) { + my $ctype = select_one( +"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " + ); + my $isnull = select_one( +"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " + ); + infoprint " +-- Column $tbname.$_:"; + my $current_type = + uc($ctype) . ( $isnull eq 'NO' ? " NOT NULL" : "" ); + my $optimal_type = select_str_g( "Optimal_fieldtype", + "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)" + ); - } - else { - goodprint "$dbname.$tbname ($_) type: $current_type"; - } + if ( $current_type ne $optimal_type ) { + infoprint " Current Fieldtype: $current_type"; + infoprint " Optimal Fieldtype: $optimal_type"; + badprint +"Consider changing type for column $_ in table $dbname.$tbname"; + push( @generalrec, + "ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;" + ); + + } + else { + goodprint "$dbname.$tbname ($_) type: $current_type"; + } } - } - + } + } } @@ -5833,13 +5888,13 @@ ENDSQL infoprint " +-- TYPE : " . $info[6]; infoprint " +-- SELECTIVITY : " . $info[7] . "%"; - $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; - $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; - $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; - $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; - $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; - $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; - $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; + $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; + $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; + $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; + $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; + $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; + $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; + $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; if ( $info[7] < 25 ) { badprint "$info[1] has a low selectivity"; } @@ -5935,6 +5990,7 @@ if ( $opt{'template'} ne 0 ) { $templateModel = file2string( $opt{'template'} ); } else { + # DEFAULT REPORT TEMPLATE $templateModel = <<'END_TEMPLATE'; @@ -6015,7 +6071,7 @@ sub which { # --------------------------------------------------------------------------- # BEGIN 'MAIN' # --------------------------------------------------------------------------- -headerprint; # Header Print +headerprint; # Header Print validate_tuner_version; # Check last version mysql_setup; # Gotta login first diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 87ee228..5d60542 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -354,35 +354,35 @@ 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; @@ -540,12 +540,12 @@ 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; -7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; +7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; @@ -557,32 +557,32 @@ 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; 5.5.54;5;5;54;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; @@ -597,20 +597,20 @@ 5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; From 52fb453f2768cbc954a5692f9d599d103ca3e27c Mon Sep 17 00:00:00 2001 From: kostya v Date: Mon, 10 Jul 2017 16:57:15 +0300 Subject: [PATCH 047/102] Read the value of wsrep_slave_threads from the right place. --- mysqltuner.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 39ee8df..99c97b7 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -4975,6 +4975,8 @@ sub get_wsrep_options { return () unless defined $myvar{'wsrep_provider_options'}; my @galera_options = split /;/, $myvar{'wsrep_provider_options'}; + my $wsrep_slave_threads = $myvar{'wsrep_slave_threads'}; + push @galera_options, ' wsrep_slave_threads = '.$wsrep_slave_threads; @galera_options = remove_cr @galera_options; @galera_options = remove_empty @galera_options; debugprint Dumper( \@galera_options ); @@ -5044,8 +5046,8 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores *4 - or get_wsrep_option('wsrep_slave_threads') < cpu_cores *3 ) + if ( get_wsrep_option('wsrep_slave_threads') > (cpu_cores) *4 + or get_wsrep_option('wsrep_slave_threads') < (cpu_cores) *3 ) { badprint "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; From 8d4c50cc2cc0ba9d426c80c95a71aed71d38bda8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20=27Pessoft=27=20Kol=C3=ADnek?= Date: Tue, 11 Jul 2017 21:41:09 +0200 Subject: [PATCH 048/102] Fixes calculation and display of ratio between InnoDB log files size and InnoDB buffer pool size --- mysqltuner.pl | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 99c97b7..f44a7d2 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5349,9 +5349,7 @@ sub mysql_innodb { } if ( defined $myvar{'innodb_log_file_size'} ) { infoprint " +-- InnoDB Log File Size: " - . hr_bytes( $myvar{'innodb_log_file_size'} ) . "(" - . $mycalc{'innodb_log_size_pct'} - . " % of buffer pool)"; + . hr_bytes( $myvar{'innodb_log_file_size'} ); } if ( defined $myvar{'innodb_log_files_in_group'} ) { infoprint " +-- InnoDB Log File In Group: " @@ -5360,7 +5358,9 @@ sub mysql_innodb { if ( defined $myvar{'innodb_log_files_in_group'} ) { infoprint " +-- InnoDB Total Log File Size: " . hr_bytes( $myvar{'innodb_log_files_in_group'} * - $myvar{'innodb_log_file_size'} ); + $myvar{'innodb_log_file_size'} ) . "(" + . $mycalc{'innodb_log_size_pct'} + . " % of buffer pool)"; } if ( defined $myvar{'innodb_log_buffer_size'} ) { infoprint " +-- InnoDB Log Buffer: " @@ -5413,18 +5413,17 @@ sub mysql_innodb { . $myvar{'innodb_log_files_in_group'} . "/" . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal 25%"; - push( - @adjvars, -"innodb_log_file_size * innodb_log_files_in_group should be equal to 1/4 of buffer pool size (=" + push( @adjvars, + "innodb_log_file_size should be (=" . hr_bytes_rnd( - $myvar{'innodb_buffer_pool_size'} * + $myvar{'innodb_buffer_pool_size'} / $myvar{'innodb_log_files_in_group'} / 4 ) - . ") if possible." + . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." ); } else { - goodprint "InnoDB log file size / InnoDB Buffer pool size: " + goodprint "Ratio InnoDB log file size / InnoDB Buffer pool size: " . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " . $myvar{'innodb_log_files_in_group'} . "/" . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) From 2ae6cbb52f8b0d5012d6a412411041d00089ff34 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 24 Jul 2017 15:03:51 +0200 Subject: [PATCH 049/102] New vulnerabities list --- build/updateCVElist.pl | 19 +- vulnerabilities.csv | 767 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 720 insertions(+), 66 deletions(-) diff --git a/build/updateCVElist.pl b/build/updateCVElist.pl index 9219ae6..17f8035 100644 --- a/build/updateCVElist.pl +++ b/build/updateCVElist.pl @@ -40,17 +40,18 @@ $mech->add_handler("response_redirect" => sub { print '#'x80,"\nREDIRECT RESPONS my $url = 'http://cve.mitre.org/data/downloads/allitems.csv'; my $resp; -unlink ('cve.csv') if (-f 'cve.csv'); +unless (-f 'cve.csv') { + $resp=$mech->get($url); + $mech->save_content( "cve.csv" ); +} +my $f=File::Util->new( readlimit => 152428800); +File::Util->flock_rules( qw/ IGNORE/ ); -$resp=$mech->get($url); -$mech->save_content( "cve.csv" ); - -my $f=File::Util->new('readlimit' => 100000000, 'use_flock'=>'false'); -my(@lines) = $f->load_file('cve.csv', '--as-lines'); my @versions; my $temp; unlink '../vulnerabilities.csv' if -f '../vulnerabilities.csv'; -foreach my $line (@lines) { +open(CVE, 'cve.csv') or die("Could not open file."); +foreach my $line () { if ($line =~ /(mysql|mariadb)/i and $line =~ /server/i and $line =~ /CANDIDATE/i @@ -72,7 +73,7 @@ foreach my $line (@lines) { } } } - -unlink ('cve.csv') if (-f 'cve.csv'); +close(CVE); +#unlink ('cve.csv') if (-f 'cve.csv'); exit(0); diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 5d60542..c20e57c 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1,653 +1,1306 @@ -4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:http://xforce.iss.net/xforce/xfdb/17030";Assigned (20040506);"None (candidate not yet proposed)"; -4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; -3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:http://xforce.iss.net/xforce/xfdb/17047";Assigned (20040908);"None (candidate not yet proposed)"; +4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)"; + +4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; + +3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; + 4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; + 4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; + 4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; + 5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; + 5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; + 5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; + 5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; + 5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; + 5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; + 5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; + 5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; + 5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; + 5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; + 5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; + 5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; + 6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; + 5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; + 5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; + 6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; + 5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; + 5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; + 6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; + 5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; + 6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; + 5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; + 5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; + 6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; + 5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; + 5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; + 1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; + 5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; + 5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; + 5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; + 5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; + 37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; + 5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; + 5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; + 5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; + 5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; + 5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; + 5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; + 5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; + 5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; + 5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; + 5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; + 5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; + 5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; + 5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; + 5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; + 5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; + 0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; + 5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; + 5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; + 5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:http://xforce.iss.net/xforce/xfdb/77060";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:http://xforce.iss.net/xforce/xfdb/77063";Assigned (20120316);"None (candidate not yet proposed)"; + 5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:http://xforce.iss.net/xforce/xfdb/77062";Assigned (20120316);"None (candidate not yet proposed)"; + 5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; + 5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; + 97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:http://xforce.iss.net/xforce/xfdb/79387";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:http://xforce.iss.net/xforce/xfdb/79384";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:http://xforce.iss.net/xforce/xfdb/79390";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.25;5;5;25;CVE-2012-3156;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.63;5;1;63;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.25;5;5;25;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; + 5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; + 5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; + 5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; + 5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; + 5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; + 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; + 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.6.9;5;6;9;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.1.67;5;1;67;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.29;5;5;29;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.1.67;5;1;67;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.29;5;5;29;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.29;5;5;29;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.29;5;5;29;CVE-2013-1526;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.1.66;5;1;66;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.28;5;5;28;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; + 5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.1.68;5;1;68;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; + 5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:http://xforce.iss.net/xforce/xfdb/85719";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3795;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61241 | URL:http://www.securityfocus.com/bid/61241 | OSVDB:95324 | URL:http://osvdb.org/95324";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3796;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61233 | URL:http://www.securityfocus.com/bid/61233 | OSVDB:95329 | URL:http://osvdb.org/95329";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3798;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61274 | URL:http://www.securityfocus.com/bid/61274 | OSVDB:95321 | URL:http://osvdb.org/95321";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; + 5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; + 5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:http://xforce.iss.net/xforce/xfdb/85713";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:http://xforce.iss.net/xforce/xfdb/85721";Assigned (20130603);"None (candidate not yet proposed)"; + 5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:http://xforce.iss.net/xforce/xfdb/85724";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:http://xforce.iss.net/xforce/xfdb/85722";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; + 5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; + 5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; + 5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63113 | URL:http://www.securityfocus.com/bid/63113 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63119 | URL:http://www.securityfocus.com/bid/63119 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63107 | URL:http://www.securityfocus.com/bid/63107 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63116 | URL:http://www.securityfocus.com/bid/63116 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; + 5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; + 5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; + 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; + 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; + 5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; + 02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; + 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; + 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; + 5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; + 5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; + 5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; + 5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; + 5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; + 5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; + 5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; + 5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; + 5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; + 5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; + 5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74085 | URL:http://www.securityfocus.com/bid/74085 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; + 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; + 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77216 | URL:http://www.securityfocus.com/bid/77216 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77170 | URL:http://www.securityfocus.com/bid/77170 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77147 | URL:http://www.securityfocus.com/bid/77147 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77132 | URL:http://www.securityfocus.com/bid/77132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77231 | URL:http://www.securityfocus.com/bid/77231 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77219 | URL:http://www.securityfocus.com/bid/77219 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; + 5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; + 2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; + 10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; + 2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; + 5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; + 5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; + 5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; + 5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; + 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; + 10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; + 10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; + 5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; + 10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; + 10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; + 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; + 5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; + 5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; + 10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; + 10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; + 10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; + 10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; + 3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; + 3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; + 10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; + 10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; + 10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; + 10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; + 5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; + 5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; + 10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; + 10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; + 10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; + 10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; + 10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; + 10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; + 5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; + 5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; + 5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; + 5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; + 5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; + 5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; + 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; + 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; + 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; + 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; + 5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; + 5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; -3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; -3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; -3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; -3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; -3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; -3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; + 5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; + 5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; + 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97779 | URL:http://www.securityfocus.com/bid/97779";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97791 | URL:http://www.securityfocus.com/bid/97791";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97820 | URL:http://www.securityfocus.com/bid/97820";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97845 | URL:http://www.securityfocus.com/bid/97845";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97837 | URL:http://www.securityfocus.com/bid/97837";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97847 | URL:http://www.securityfocus.com/bid/97847";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97826 | URL:http://www.securityfocus.com/bid/97826";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97822 | URL:http://www.securityfocus.com/bid/97822";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97825 | URL:http://www.securityfocus.com/bid/97825";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97848 | URL:http://www.securityfocus.com/bid/97848";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97826 | URL:http://www.securityfocus.com/bid/97826 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + +5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; + From d82ea4221545e511738de5e0e7dae13621cc6965 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 24 Jul 2017 15:12:36 +0200 Subject: [PATCH 050/102] Issue Performance Schema Issue #328 --- mysqltuner.pl | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 99c97b7..06093b9 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.2 +# mysqltuner.pl - Version 1.7.3 # High Performance MySQL Tuning Script # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.2"; +my $tunerversion = "1.7.3"; my ( @adjvars, @generalrec ); # Set defaults @@ -3329,7 +3329,8 @@ sub mysqsl_pfs { "Performance should be activated for better diagnostics" ); push( @adjvars, "performance_schema = ON enable PFS" ); } - else { + } else { + if ( mysql_version_le( 5, 5 ) ) { push( @generalrec, "Performance shouldn't be activated for MySQL and MariaDB 5.5 and lower version" ); @@ -6123,7 +6124,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.2 - MySQL High Performance Tuning Script + MySQLTuner 1.7.3 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From cf38192ddb5404ff9ca6d0724cf72de4841210f1 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 31 Jul 2017 14:22:20 +0200 Subject: [PATCH 051/102] variables not uninitialized #325 --- build/updateCVElist.pl | 2 +- vulnerabilities.csv | 653 ----------------------------------------- 2 files changed, 1 insertion(+), 654 deletions(-) diff --git a/build/updateCVElist.pl b/build/updateCVElist.pl index 17f8035..093c6a2 100644 --- a/build/updateCVElist.pl +++ b/build/updateCVElist.pl @@ -69,7 +69,7 @@ foreach my $line () { #print $vers."\n".Dumper @nb; #print "$line"; #exit 0 if ($line =~/before/i) ; - $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$nb[0].$nb[1].$nb[2];$nb[0];$nb[1];$nb[2];$line\n", 'mode' => 'append'); + $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$nb[0].$nb[1].$nb[2];$nb[0];$nb[1];$nb[2];$line", 'mode' => 'append'); } } } diff --git a/vulnerabilities.csv b/vulnerabilities.csv index c20e57c..d1cabb3 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1,1306 +1,653 @@ 4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)"; - 4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; - 3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; - 4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; - 4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; - 4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; - 5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; - 5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; - 5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; - 5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; - 5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; - 5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; - 5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; - 5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; - 5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; - 5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; - 5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; - 5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; - 6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; - 5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; - 5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; - 6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; - 5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; - 5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; - 6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; - 5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; - 6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; - 5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; - 5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; - 6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; - 5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; - 5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; - 1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; - 5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; - 5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; - 5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; - 5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; - 37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; - 5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; - 5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; - 5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; - 5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; - 5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; - 5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; - 5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; - 5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; - 5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; - 5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; - 5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; - 5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; - 5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; - 5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; - 5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; - 0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; - 5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; - 5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; - 5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:http://xforce.iss.net/xforce/xfdb/77060";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:http://xforce.iss.net/xforce/xfdb/77063";Assigned (20120316);"None (candidate not yet proposed)"; - 5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:http://xforce.iss.net/xforce/xfdb/77062";Assigned (20120316);"None (candidate not yet proposed)"; - 5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; - 5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; - 97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:http://xforce.iss.net/xforce/xfdb/79387";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:http://xforce.iss.net/xforce/xfdb/79384";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:http://xforce.iss.net/xforce/xfdb/79390";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.25;5;5;25;CVE-2012-3156;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.63;5;1;63;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.25;5;5;25;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; - 5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; - 5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; - 5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; - 5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; - 5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; - 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; - 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.6.9;5;6;9;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.1.67;5;1;67;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.29;5;5;29;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.1.67;5;1;67;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.29;5;5;29;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.29;5;5;29;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.29;5;5;29;CVE-2013-1526;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.1.66;5;1;66;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.28;5;5;28;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; - 5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.1.68;5;1;68;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; - 5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:http://xforce.iss.net/xforce/xfdb/85719";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3795;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61241 | URL:http://www.securityfocus.com/bid/61241 | OSVDB:95324 | URL:http://osvdb.org/95324";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3796;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61233 | URL:http://www.securityfocus.com/bid/61233 | OSVDB:95329 | URL:http://osvdb.org/95329";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3798;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61274 | URL:http://www.securityfocus.com/bid/61274 | OSVDB:95321 | URL:http://osvdb.org/95321";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; - 5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; - 5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:http://xforce.iss.net/xforce/xfdb/85713";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:http://xforce.iss.net/xforce/xfdb/85721";Assigned (20130603);"None (candidate not yet proposed)"; - 5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:http://xforce.iss.net/xforce/xfdb/85724";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:http://xforce.iss.net/xforce/xfdb/85722";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; - 5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; - 5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; - 5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63113 | URL:http://www.securityfocus.com/bid/63113 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63119 | URL:http://www.securityfocus.com/bid/63119 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63107 | URL:http://www.securityfocus.com/bid/63107 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63116 | URL:http://www.securityfocus.com/bid/63116 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; - 5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; - 5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; - 5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; - 5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; - 5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; - 02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; - 5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; - 5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; - 5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; - 5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; - 5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; - 5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; - 5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; - 5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; - 5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; - 5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; - 5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; - 5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; - 5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74085 | URL:http://www.securityfocus.com/bid/74085 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; - 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; - 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77216 | URL:http://www.securityfocus.com/bid/77216 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77170 | URL:http://www.securityfocus.com/bid/77170 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77147 | URL:http://www.securityfocus.com/bid/77147 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77132 | URL:http://www.securityfocus.com/bid/77132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77231 | URL:http://www.securityfocus.com/bid/77231 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77219 | URL:http://www.securityfocus.com/bid/77219 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; - 5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; - 2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; - 10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; - 2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; - 5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; - 5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; - 5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; - 5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; - 5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; - 10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; - 10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; - 5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; - 10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; - 10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; - 5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; - 5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; - 5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; - 10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; - 10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; - 10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; - 10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; - 3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; - 3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; - 10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; - 10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; - 10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; - 10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; - 5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; - 5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; - 10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; - 10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; - 10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; - 10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; - 10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; - 10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; - 5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; - 5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; - 5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; - 5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; - 5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; - 5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; - 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; - 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; - 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; - 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; - 5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; - 5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97826 | URL:http://www.securityfocus.com/bid/97826 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - 5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; - From 3c3fdcd9369be7d3cdf2558b4f61fea52c4a83c8 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 31 Jul 2017 14:27:15 +0200 Subject: [PATCH 052/102] Performance Schema Issue #328 --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 4b92cc8..515bb1d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -3342,9 +3342,9 @@ sub mysqsl_pfs { unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { infoprint "Sys schema isn't installed."; - push( @generalrec, + push( @generalrec, "Consider installing Sys schema from https://github.com/mysql/mysql-sys" - ); + ) unless ( mysql_version_le( 5, 5 ) ); return; } else { From 51a1f067584f5ebd0556fc6a68542a37002577c7 Mon Sep 17 00:00:00 2001 From: IWriteThings Date: Mon, 31 Jul 2017 10:33:51 -0700 Subject: [PATCH 053/102] Update README.md Added instructions to install mysqltuner using brew. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 1c13621..fdd9be3 100644 --- a/README.md +++ b/README.md @@ -203,6 +203,10 @@ If the database has too many tables, or very large table, use this: --skipsize Don't enumerate tables and their types/sizes (default: on) (Recommended for servers with many tables) +**Question: Can I install this project using homebrew on Apple Macintosh?** + +Yes! `brew install mysqltuner` can be used to install this application using [homebrew](https://brew.sh/) on Apple Macintosh. + MySQLTuner and Vagrant -- **MySQLTuner** contains following Vagrant configurations: From ce381102a718bb495ec96af31304c1542582e322 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 23 Aug 2017 09:25:51 +0200 Subject: [PATCH 054/102] New vagrant file based on Centos 7 --- Vagrant/Vagrantfile_for_MariaDB10.0 | 37 +++-- Vagrant/Vagrantfile_for_MariaDB10.1 | 221 ++++++++++++++-------------- Vagrant/prepare.sh | 4 +- 3 files changed, 142 insertions(+), 120 deletions(-) diff --git a/Vagrant/Vagrantfile_for_MariaDB10.0 b/Vagrant/Vagrantfile_for_MariaDB10.0 index 2f59cf7..b70492c 100644 --- a/Vagrant/Vagrantfile_for_MariaDB10.0 +++ b/Vagrant/Vagrantfile_for_MariaDB10.0 @@ -12,11 +12,7 @@ Vagrant.configure(2) do |config| # Every Vagrant development environment requires a box. You can search for # boxes at https://atlas.hashicorp.com/search. - config.vm.box = "fc23-mariadb10-0" - config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box" - # Disable automatic box update checking. If you disable this, then - # boxes will only be checked for updates when the user runs - # `vagrant box outdated`. This is not recommended. + config.vm.box = "centos/7" # config.vm.box_check_update = false config.vbguest.auto_update = true # Create a forwarded port mapping which allows access to a specific port @@ -24,6 +20,12 @@ Vagrant.configure(2) do |config| # accessing "localhost:8080" will access port 80 on the guest machine. # config.vm.network "forwarded_port", guest: 80, host: 8080 + if Vagrant.has_plugin?("vagrant-proxyconf") + config.proxy.http = "http://10.195.50.51:3128/" + config.proxy.https = "http://10.195.50.51:3128/" + config.proxy.no_proxy = "localhost,127.0.0.1,.example.com" + end + # Create a private network, which allows host-only access to the machine # using a specific IP. # config.vm.network "private_network", ip: "192.168.0.115" @@ -74,17 +76,30 @@ Vagrant.configure(2) do |config| echo "secret" | sudo passwd --stdin root sudo cp -pr ~vagrant/.ssh /root sudo chown -R root.root /root/.ssh - sudo yum -y install git python + + sudo yum-config-manager --enable base + +echo "[mariadb]" >/tmp/mariadb.repo +echo "name = MariaDB" >>/tmp/mariadb.repo +echo "baseurl = http://yum.mariadb.org/10.0/centos7-amd64" >> /tmp/mariadb.repo +echo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB" >> /tmp/mariadb.repo +echo "gpgcheck=1" >> /tmp/mariadb.repo +sudo cp /tmp/mariadb.repo /etc/yum.repos.d/ + + sudo rpm -Uvh http://mirrors.ircam.fr/pub/fedora/epel/7/x86_64/e/epel-release-7-10.noarch.rpm + + + sudo yum -y install python2-pip git python perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils MariaDB-server MariaDB-Client wget + sudo pip install --upgrade pip if [ ! -d "/data/MySQLTuner-perl" ]; then cd /data sudo git clone https://github.com/major/MySQLTuner-perl.git - fi - sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils - sudo cpanm install File::Util + fi + sudo cpanm install File::Util - sudo yum -y install mariadb mariadb-server wget - sudo systemctl start mariadb.service + #sudo systemctl start mariadb.service + sudo service mysql start mysql -e 'select version();' cd /data sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" diff --git a/Vagrant/Vagrantfile_for_MariaDB10.1 b/Vagrant/Vagrantfile_for_MariaDB10.1 index daa5ac3..238e12e 100644 --- a/Vagrant/Vagrantfile_for_MariaDB10.1 +++ b/Vagrant/Vagrantfile_for_MariaDB10.1 @@ -1,107 +1,114 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. -Vagrant.configure(2) do |config| - # The most common configuration options are documented and commented below. - # For a complete reference, please see the online documentation at - # https://docs.vagrantup.com. - - # Every Vagrant development environment requires a box. You can search for - # boxes at https://atlas.hashicorp.com/search. - config.vm.box = "fc23-mariadb10-1" - config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box" - # Disable automatic box update checking. If you disable this, then - # boxes will only be checked for updates when the user runs - # `vagrant box outdated`. This is not recommended. - # config.vm.box_check_update = false - config.vbguest.auto_update = true - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. - # config.vm.network "forwarded_port", guest: 80, host: 8080 - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.0.115" - config.hostmanager.enabled = true - config.hostmanager.manage_host = true - config.hostmanager.ignore_private_ip = false - config.hostmanager.include_offline = true - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - config.vm.network "public_network" - config.vm.hostname = 'dev.app' - config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. And the optional third - # argument is a set of non-required options. - config.vm.synced_folder "./data", "/data" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - config.vm.provider "virtualbox" do |vb| - # # Display the VirtualBox GUI when booting the machine - # vb.gui = false - # - # # Customize the amount of memory on the VM: - vb.memory = "1024" - end - # - # View the documentation for the provider you are using for more - # information on available options. - - # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies - # such as FTP and Heroku are also available. See the documentation at - # https://docs.vagrantup.com/v2/push/atlas.html for more information. - # config.push.define "atlas" do |push| - # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" - # end - - # Enable provisioning with a shell script. Additional provisioners such as - # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the - # documentation for more information about their specific syntax and use. - config.vm.provision "shell", inline: <<-SHELL - sudo yum -y update - echo "secret" | sudo passwd --stdin root - sudo cp -pr ~vagrant/.ssh /root - sudo chown -R root.root /root/.ssh - sudo yum -y install git python - sudo pip install --upgrade pip - if [ ! -d "/data/MySQLTuner-perl" ]; then - cd /data - sudo git clone https://github.com/major/MySQLTuner-perl.git - fi - - echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC -# http://mariadb.org/mariadb/repositories/ -[mariadb] -name = MariaDB -baseurl = http://yum.mariadb.org/10.1/fedora23-amd64 -gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB -gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo - sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils - sudo cpanm install File::Util - - sudo yum -y install MariaDB-server MariaDB-client wget - sudo systemctl start mariadb.service - mysql -e 'select version();' - cd /data - sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" - sudo tar xvjf employees_db-full-1.0.6.tar.bz2 - cd employees_db - cat employees.sql | mysql - cd .. - cd MySQLTuner-perl - perl mysqltuner.pl --idxstat --dbstat - SHELL - config.vm.provision :hostmanager -end +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "centos/7" + # config.vm.box_check_update = false + config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + if Vagrant.has_plugin?("vagrant-proxyconf") + config.proxy.http = "http://10.195.50.51:3128/" + config.proxy.https = "http://10.195.50.51:3128/" + config.proxy.no_proxy = "localhost,127.0.0.1,.example.com" + end + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.115" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'dev.app' + config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + + sudo yum-config-manager --enable base + +echo "[mariadb]" >/tmp/mariadb.repo +echo "name = MariaDB" >>/tmp/mariadb.repo +echo "baseurl = http://yum.mariadb.org/10.1/centos7-amd64" >> /tmp/mariadb.repo +echo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB" >> /tmp/mariadb.repo +echo "gpgcheck=1" >> /tmp/mariadb.repo +sudo cp /tmp/mariadb.repo /etc/yum.repos.d/ + + sudo rpm -Uvh http://mirrors.ircam.fr/pub/fedora/epel/7/x86_64/e/epel-release-7-10.noarch.rpm + + + sudo yum -y install python2-pip git python perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils MariaDB-server MariaDB-Client wget + + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + sudo cpanm install File::Util + + #sudo systemctl start mariadb.service + sudo service mysql start + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/Vagrant/prepare.sh b/Vagrant/prepare.sh index ce5410b..1c44623 100644 --- a/Vagrant/prepare.sh +++ b/Vagrant/prepare.sh @@ -4,5 +4,5 @@ cp Vagrantfile_for_MariaDB10.0 Vagrantfile mkdir data vagrant plugin install vagrant-hostmanager vagrant plugin install vagrant-vbguest -vagrant box add --name fc23 https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box -vagrant up +vagrant plugin install vagrant-proxyconf +vagrant --provision up From 17fddf207920d259d24e47022e6123db807324dc Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Fri, 25 Aug 2017 11:12:10 +0200 Subject: [PATCH 055/102] Issue #341 debian credentials not overridable from commandline --- Vagrant/Vagrantfile_for_MariaDB10.2 | 107 ++++++++++++++++++++++++++++ Vagrant/Vagrantfile_for_MariaDB10.3 | 106 +++++++++++++++++++++++++++ mysqltuner.pl | 13 ++-- 3 files changed, 220 insertions(+), 6 deletions(-) create mode 100644 Vagrant/Vagrantfile_for_MariaDB10.2 create mode 100644 Vagrant/Vagrantfile_for_MariaDB10.3 diff --git a/Vagrant/Vagrantfile_for_MariaDB10.2 b/Vagrant/Vagrantfile_for_MariaDB10.2 new file mode 100644 index 0000000..650866f --- /dev/null +++ b/Vagrant/Vagrantfile_for_MariaDB10.2 @@ -0,0 +1,107 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "fc23-mariadb10-1" + config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box" + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.115" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'dev.app' + config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + sudo yum -y install git python + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + + echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC +# http://mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.2/fedora23-amd64 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo + sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils + sudo cpanm install File::Util + + sudo yum -y install MariaDB-server MariaDB-client wget + sudo systemctl start mariadb.service + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/Vagrant/Vagrantfile_for_MariaDB10.3 b/Vagrant/Vagrantfile_for_MariaDB10.3 new file mode 100644 index 0000000..0dfac2c --- /dev/null +++ b/Vagrant/Vagrantfile_for_MariaDB10.3 @@ -0,0 +1,106 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "centos/7" + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.115" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'dev.app' + config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + sudo yum -y install git python + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + + echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC +# http://mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.3/fedora23-amd64 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo + sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils + sudo cpanm install File::Util + + sudo yum -y install MariaDB-server MariaDB-client wget + sudo systemctl start mariadb.service + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/mysqltuner.pl b/mysqltuner.pl index 515bb1d..84bbb8f 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.3 +# mysqltuner.pl - Version 1.7.4 # High Performance MySQL Tuning Script # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.3"; +my $tunerversion = "1.7.4"; my ( @adjvars, @generalrec ); # Set defaults @@ -801,7 +801,7 @@ sub mysql_setup { exit 1; } } - elsif ( -r "/etc/mysql/debian.cnf" and $doremote == 0 ) { + elsif ( -r "/etc/mysql/debian.cnf" and $doremote == 0 and $opt{'defaults-file'} eq '' ) { # We have a debian maintenance account, use it $mysqllogin = "--defaults-file=/etc/mysql/debian.cnf"; @@ -813,11 +813,12 @@ sub mysql_setup { } else { badprint -"Attempted to use login credentials from debian maintenance account, but they failed."; +"Attempted to use login credentials from debian maintena +nce account, but they failed."; exit 1; } } - elsif ( $opt{'defaults-file'} ne 0 and -r "$opt{'defaults-file'}" ) { + elsif ( $opt{'defaults-file'} ne '' and -r "$opt{'defaults-file'}" ) { # defaults-file debugprint "defaults file detected: $opt{'defaults-file'}"; @@ -6123,7 +6124,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.3 - MySQL High Performance Tuning Script + MySQLTuner 1.7.4 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From b5d1650f5955f2e3d3ee15f0513e92612b473a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20=27Pessoft=27=20Kol=C3=ADnek?= Date: Sat, 9 Sep 2017 13:22:30 +0200 Subject: [PATCH 056/102] add general recommendation for innodb log file changes add information to INTERNALS.md about innodb log file to buffer pool ratio fix buffer pool typos in comments fix code formatting a bit --- INTERNALS.md | 30 ++++++++++++++++-------------- mysqltuner.pl | 32 +++++++++++++++++--------------- 2 files changed, 33 insertions(+), 29 deletions(-) diff --git a/INTERNALS.md b/INTERNALS.md index 722aa56..fe46977 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -72,7 +72,7 @@ ## MySQLTuner system checks * 32-bit w/>2GB RAM check * Check number of opened ports (warning if more than 9 ports opened) -* Check 80, 8080, 443 and 8443 ports if warning are raised if there are opened +* Check 80, 8080, 443 and 8443 ports if warning are raised if there are opened * Check if some banned ports are not opened (option --bannedports separated by comma) * Check if non kernel and user process except mysqld are not using more than 15% of total physical memory) * Check vm.swapiness @@ -103,7 +103,7 @@ * Users w/o host restriction * Weak password check (possibly using cracklib later?) * Using basic_passwords.txt as password database -* Password list checks can be avoid (option: --skippassword) +* Password list checks can be avoid (option: --skippassword) ## MySQLTuner CVE vulnerabilities detection @@ -131,7 +131,7 @@ * Per index information * Index Cardinality * Index Selectivity - * Misc information about index definition + * Misc information about index definition * Misc information about index size ## MySQLTuner Connections information @@ -180,7 +180,7 @@ * Query Cache DISABLED, ALL REQUEST or ON DEMAND * Query Cache Size * Query cache hit ratio (cache efficienty) - + ## MySQLTuner memory checks * Get total RAM/swap @@ -209,8 +209,10 @@ * MySQL needs 1 instanes per 1Go of Buffer Pool * innodb_buffer_pool instances = round(innodb_buffer_pool_size / 1Go) * innodb_buffer_pool instances must be equals or lower than 64 -* InnoDB Buffer Pool Usage +* InnoDB Buffer Pool Usage * If more than 20% of InnoDB buffer pool is not used, MySQLTuner raise an alert. +* InnoDB Buffer Pool Log Size + * InnoDB total log file size should be 25% of innodb_buffer_pool_size * InnoDB Read effiency * Ratio of read without locks * InnoDB Write effiency @@ -225,7 +227,7 @@ * Is Aria indexes size is greater than page cache size ? * Page cache read hit ratio (>95%) * Page cache write hit ratio (>95%) - + ## MySQLTuner MYISAM information @@ -264,13 +266,13 @@ ## MySQLTuner TokuDB information -* tokudb_cache_size -* tokudb_directio +* tokudb_cache_size +* tokudb_directio * tokudb_empty_scan * tokudb_read_block_size * tokudb_commit_sync * tokudb_checkpointing_period -* tokudb_block_size +* tokudb_block_size * tokudb_cleaner_iterations * tokudb_fanout @@ -289,7 +291,7 @@ ## MySQLTuner RocksDb information * Nothing for the moment - + ## MySQLTuner Thread pool information * thread_pool_size between 16 to 36 for Innodb usage @@ -352,9 +354,9 @@ * Event per wait total latency * Event per wait read latency * Event per wait write latency -* TOP 15 most read indexes +* TOP 15 most read indexes * TOP 15 most modified indexes -* TOP 15 high select latency index +* TOP 15 high select latency index * TOP 15 high insert latency index * TOP 15 high update latency index * TOP 15 high delete latency index @@ -383,7 +385,7 @@ * TOP 15 merge queries with sort * TOP 15 average sort merges queries with sort * TOP 15 scans queries with sort -* TOP 15 range queries with sort +* TOP 15 range queries with sort * Top 20 queries with temp table * Last 50 queries with temp table * TOP 15 total latency queries with temp table @@ -393,4 +395,4 @@ * TOP 15 class events by total latency * TOP 30 events by total latency * TOP 15 class events by max latency -* TOP 30 events by max latency \ No newline at end of file +* TOP 30 events by max latency diff --git a/mysqltuner.pl b/mysqltuner.pl index 84bbb8f..b14f699 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2645,7 +2645,7 @@ sub mysql_stats { if ( defined $myvar{'query_cache_type'} ) { infoprint "Query Cache Buffers"; - infoprint " +-- Query Cache: " + infoprint " +-- Query Cache: " . $myvar{'query_cache_type'} . " - " . ( $myvar{'query_cache_type'} eq 0 | @@ -5382,7 +5382,7 @@ sub mysql_innodb { . $myvar{'innodb_thread_concurrency'}; } - # InnoDB Buffer Pull Size + # InnoDB Buffer Pool Size if ( $myvar{'innodb_file_per_table'} eq "ON" ) { goodprint "InnoDB File per table is activated"; } @@ -5391,7 +5391,7 @@ sub mysql_innodb { push( @adjvars, "innodb_file_per_table=ON" ); } - # InnoDB Buffer Pull Size + # InnoDB Buffer Pool Size if ( $myvar{'innodb_buffer_pool_size'} > $enginestats{'InnoDB'} ) { goodprint "InnoDB buffer pool / data size: " . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" @@ -5416,12 +5416,15 @@ sub mysql_innodb { . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal 25%"; push( @adjvars, - "innodb_log_file_size should be (=" - . hr_bytes_rnd( - $myvar{'innodb_buffer_pool_size'} / - $myvar{'innodb_log_files_in_group'} / 4 - ) - . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." + "innodb_log_file_size should be (=" + . hr_bytes_rnd( + $myvar{'innodb_buffer_pool_size'} / + $myvar{'innodb_log_files_in_group'} / 4 + ) + . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." + ); + push( @generalrec, +"Read this before changing innodb_log_file_size and/or innodb_log_files_in_group: http://bit.ly/2wgkDvS" ); } else { @@ -5432,7 +5435,7 @@ sub mysql_innodb { . " should be equal 25%"; } - # InnoDB Buffer Pull Instances (MySQL 5.6.6+) + # InnoDB Buffer Pool Instances (MySQL 5.6.6+) if ( defined( $myvar{'innodb_buffer_pool_instances'} ) ) { # Bad Value if > 64 @@ -5442,12 +5445,12 @@ sub mysql_innodb { push( @adjvars, "innodb_buffer_pool_instances (<= 64)" ); } - # InnoDB Buffer Pull Size > 1Go + # InnoDB Buffer Pool Size > 1Go if ( $myvar{'innodb_buffer_pool_size'} > 1024 * 1024 * 1024 ) { -# InnoDB Buffer Pull Size / 1Go = InnoDB Buffer Pull Instances limited to 64 max. +# InnoDB Buffer Pool Size / 1Go = InnoDB Buffer Pool Instances limited to 64 max. - # InnoDB Buffer Pull Size > 64Go + # InnoDB Buffer Pool Size > 64Go my $max_innodb_buffer_pool_instances = int( $myvar{'innodb_buffer_pool_size'} / ( 1024 * 1024 * 1024 ) ); $max_innodb_buffer_pool_instances = 64 @@ -5468,7 +5471,7 @@ sub mysql_innodb { . $myvar{'innodb_buffer_pool_instances'} . ""; } - # InnoDB Buffer Pull Size < 1Go + # InnoDB Buffer Pool Size < 1Go } else { if ( $myvar{'innodb_buffer_pool_instances'} != 1 ) { @@ -6381,4 +6384,3 @@ along with this program. If not, see . # cperl-indent-level: 8 # perl-indent-level: 8 # End: - From 2b7828237d7ad6505ea2a83d48cac49d74229e08 Mon Sep 17 00:00:00 2001 From: Daniel Kolvik Date: Fri, 15 Sep 2017 10:53:57 +0200 Subject: [PATCH 057/102] Add support to pass ssl public key to mysql connection. Makes it possible to run against servers only accepting connection over SSL. --- mysqltuner.pl | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index b14f699..d1c5cfb 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -75,6 +75,7 @@ my %opt = ( "user" => 0, "pass" => 0, "password" => 0, + "ssl-ca" => 0, "skipsize" => 0, "checkversion" => 0, "updateversion" => 0, @@ -119,7 +120,7 @@ GetOptions( 'verbose', 'sysstat', 'password=s', 'pfstat', 'passenv=s', 'userenv=s', - 'defaults-file=s' + 'defaults-file=s','ssl-ca=s' ) or pod2usage( -exitval => 1, @@ -706,6 +707,19 @@ sub mysql_setup { $opt{host} = '127.0.0.1'; } + if ( $opt{'ssl-ca'} ne 0 ) { + if ( -e -r -f $opt{'ssl-ca'} ) { + $remotestring .= " --ssl-ca=$opt{'ssl-ca'}"; + infoprint "Will connect using ssl public key passed on the command line"; + return 1; + } + else { + badprint + "Attempted to use passed ssl public key, but it was not found or could not be read"; + exit 1; + } + } + # Did we already get a username without password on the command line? if ( $opt{user} ne 0 and $opt{pass} eq 0 ) { $mysqllogin = "-u $opt{user} " . $remotestring; @@ -6145,6 +6159,7 @@ You must provide the remote server's total memory when connecting to other serve --userenv Name of env variable which contains username to use for authentication --pass Password to use for authentication --passenv Name of env variable which contains password to use for authentication + --ssl-ca Path to public key --mysqladmin Path to a custom mysqladmin executable --mysqlcmd Path to a custom mysql executable --defaults-file Path to a custom .my.cnf From c45ac0925da55a38446a025f240d4e7891911c58 Mon Sep 17 00:00:00 2001 From: Thomas Meyer Date: Sun, 24 Sep 2017 05:45:13 -0700 Subject: [PATCH 058/102] Determine real log_error path. Determines real log_error path if mysql variable not set or file is relative and does not exist in current working directory. Otherwise return back original value. --- mysqltuner.pl | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index d1c5cfb..e06d17e 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1148,7 +1148,26 @@ sub get_basic_passwords { return get_file_contents(shift); } +sub get_log_file_real_path { + my $file = shift; + my $hostname = shift; + my $datadir = shift; + if ( -f "$file" ) { + return $file; + } + elsif ( -f "$hostname.err" ) { + return "$hostname.err" + } + elsif ( $datadir ne "" ) { + return "$datadir$hostname.err"; + } + else { + return $file; + } +} + sub log_file_recommandations { + $myvar{'log_error'} = get_log_file_real_path( $myvar{'log_error'}, $myvar{'hostname'}, $myvar{'datadir'} ); subheaderprint "Log file Recommendations"; infoprint "Log file: " . $myvar{'log_error'} . "(" From 45c48832c4a1de57b324a8ed7ed3559a9e8ebce0 Mon Sep 17 00:00:00 2001 From: Thomas Meyer Date: Thu, 5 Oct 2017 17:05:20 -0700 Subject: [PATCH 059/102] Read log file by line Changes the log file reading from loading the entire file into memory to reading line by line. --- mysqltuner.pl | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index e06d17e..40387ca 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1202,14 +1202,16 @@ sub log_file_recommandations { . " is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; } - my @log_content = get_file_contents( $myvar{'log_error'} ); - my $numLi = 0; my $nbWarnLog = 0; my $nbErrLog = 0; my @lastShutdowns; my @lastStarts; - foreach my $logLi (@log_content) { + + open( my $fh, '<', $myvar{'log_error'} ) or die "Can't open $myvar{'log_error'} for read: $!"; + + while ( my $logLi = <$fh> ) { + chomp $logLi; $numLi++; debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i; $nbErrLog++ if $logLi =~ /error/i; @@ -1218,6 +1220,8 @@ sub log_file_recommandations { if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; push @lastStarts, $logLi if $logLi =~ /ready for connections/; } + close $fh; + if ( $nbWarnLog > 0 ) { badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; push @generalrec, From 60660c7d54de54703d0f185b4b3703dec33e813c Mon Sep 17 00:00:00 2001 From: Wesley Schaft Date: Thu, 16 Nov 2017 09:13:40 +0100 Subject: [PATCH 060/102] Changed gcs.limit to gcs.fc_limit, as there's no gcs.limit parameter. --- mysqltuner.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 40387ca..05c422d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5097,14 +5097,14 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" "wsrep_slave_threads is equal to 2, 3 or 4 times number of CPU(s)"; } - if ( get_wsrep_option('gcs.limit') != + if ( get_wsrep_option('gcs.fc_limit') != get_wsrep_option('wsrep_slave_threads') * 5 ) { - badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; - push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; + badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; + push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; } else { - goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; + goodprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; } if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { From 6cfc372f587a248df385415e22000e4016418a18 Mon Sep 17 00:00:00 2001 From: Sergei A Mamonov Date: Mon, 20 Nov 2017 19:35:41 +0300 Subject: [PATCH 061/102] Update README.ru.md --- README.ru.md | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/README.ru.md b/README.ru.md index 364c3c0..4ce0f63 100644 --- a/README.ru.md +++ b/README.ru.md @@ -13,10 +13,11 @@ MySQLTuner-perl **MySQLTuner** поддерживает порядка 300 показателей для MySQL/MariaDB/Percona Server последних версий. -**MySQLTuner** поддерживает сбор показателей для множества таких конфигураций, как ![Galera Cluster](http://galeracluster.com/), ![TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), ![ Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, ![InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), ![MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), ![Aria](https://mariadb.com/kb/en/mariadb/aria/), ... +**MySQLTuner** поддерживает сбор показателей для множества таких конфигураций, как [Galera Cluster](http://galeracluster.com/), [TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), [Performance schema](https://github.com/mysql/mysql-sys), метрики ОС Linux, [InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), [MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), [Aria](https://mariadb.com/kb/en/mariadb/aria/), ... + Вы можете найти больше информации об этих показателях на -![Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). +[Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). ![MysqlTuner](https://github.com/major/MySQLTuner-perl/blob/master/mysqltuner.png) @@ -26,7 +27,7 @@ MySQLTuner нуждается в вас: **MySQLTuner** нуждается в вашем вкладе в документацию и код, а так же ждёт обратную связь. -* Присоединяйтесь, пожалуйста, к нашему трекеру ошибок [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). +* Присоединяйтесь, пожалуйста, к нашему трекеру ошибок [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). * Руководство по поддержке проекта доступно на [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) * Ставьте "звезды" **проекту MySQLTuner** на [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) @@ -61,6 +62,15 @@ MySQLTuner нуждается в вас: **Серьезно - прочитайте раздел ЧаВо, который расположен чуть ниже.** + +Рекомендации по безопасности +-- + +Здравствуй, пользователь directadmin! +Мы обнаружили, что запуск mysqltuner с доступами da_admin, взятыми из файла /usr/local/directadmin/conf/my.cnf, может привести к компрометации пароля! +Детали можно прочитать по ссылке [Issue #289](https://github.com/major/MySQLTuner-perl/issues/289). + + Что именно проверяет MySQLTuner? -- Все проверки, что выполняет **MySQLTuner**, задокументированы в [MySQLTuner Internals](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) @@ -199,6 +209,10 @@ __Пример:__ Включение вывода отладочной инфо --skipsize Don't enumerate tables and their types/sizes (default: on) (Recommended for servers with many tables) +**Вопрос: Я могу установить этот проект с помощью homebrew на Apple Macintosh?** + +Да! Вы можете уставновить его командой `brew install mysqltuner` с помощью [homebrew](https://brew.sh/) на Apple Macintosh. + MySQLTuner и Vagrant -- **MySQLTuner** содержится в следующих конфигурациях Vagrant: @@ -235,7 +249,7 @@ MySQLTuner нуждается в Вас: **MySQLTuner** нуждается в вашем вкладе в документацию и код, а так же ждёт обратную связь. -* Присоединяйтесь, пожалуйста, к нашему трекеру ошибок [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). +* Присоединяйтесь, пожалуйста, к нашему трекеру ошибок [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). * Руководство по поддержке проекта доступно на [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) * Ставьте "звезды" **проекту MySQLTuner** на [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) From 53cdb0e0b9b1ace57b7898001f491f7ccf68ce70 Mon Sep 17 00:00:00 2001 From: Mark Hyde Date: Tue, 28 Nov 2017 13:11:39 +0000 Subject: [PATCH 062/102] Ignore password check for auth_pam_compat plugin - Users authenticating via auth_pam_compat will use pam for authentication rather than the mysql password field, so the latter is expected to be empty. --- mysqltuner.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 05c422d..117fc52 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1207,7 +1207,7 @@ sub log_file_recommandations { my $nbErrLog = 0; my @lastShutdowns; my @lastStarts; - + open( my $fh, '<', $myvar{'log_error'} ) or die "Can't open $myvar{'log_error'} for read: $!"; while ( my $logLi = <$fh> ) { @@ -1221,7 +1221,7 @@ sub log_file_recommandations { push @lastStarts, $logLi if $logLi =~ /ready for connections/; } close $fh; - + if ( $nbWarnLog > 0 ) { badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; push @generalrec, @@ -1716,7 +1716,7 @@ sub security_recommendations { # Looking for Empty Password if ( mysql_version_ge( 5, 5 ) ) { @mysqlstatlist = select_array -"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL) AND plugin NOT IN ('unix_socket', 'win_socket')"; +"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL) AND plugin NOT IN ('unix_socket', 'win_socket', 'auth_pam_compat')"; } else { @mysqlstatlist = select_array From f530ee787d8cb6068db5ae686a10c6f9feb48be3 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Wed, 20 Dec 2017 09:33:54 +0100 Subject: [PATCH 063/102] Update mysqltuner.pl --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 117fc52..9b7aeee 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -66,7 +66,7 @@ my %opt = ( "nogood" => 0, "noinfo" => 0, "debug" => 0, - "nocolor" => 0, + "nocolor" => ( ! -t STDOUT ), "forcemem" => 0, "forceswap" => 0, "host" => 0, From afc66c68f854cb2fa9c83816c5244fc3e63f3b2e Mon Sep 17 00:00:00 2001 From: joncavanaugh Date: Mon, 8 Jan 2018 16:54:51 -0600 Subject: [PATCH 064/102] Spelling & Grammar Some small changes to spelling and sentence structure. --- README.md | 65 +++++++++++++++++++++++++++---------------------------- 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index fdd9be3..25c2357 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,14 @@ MySQLTuner-perl [![Project Status](http://opensource.box.com/badges/active.svg)](http://opensource.box.com/badges) [![Project Status](http://opensource.box.com/badges/maintenance.svg)](http://opensource.box.com/badges) [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/major/MySQLTuner-perl.svg)](http://isitmaintained.com/project/major/MySQLTuner-perl "Average time to resolve an issue") -[![Percentage of issues still open](http://isitmaintained.com/badge/open/major/MySQLTuner-perl.svg)](http://isitmaintained.com/project/major/MySQLTuner-perl "Percentage of issues still open") -[![GPL Licence](https://badges.frapsoft.com/os/gpl/gpl.png?v=103)](https://opensource.org/licenses/GPL-3.0/) +[![Percentage of open issues](http://isitmaintained.com/badge/open/major/MySQLTuner-perl.svg)](http://isitmaintained.com/project/major/MySQLTuner-perl "Percentage of issues still open") +[![GPL License](https://badges.frapsoft.com/os/gpl/gpl.png?v=103)](https://opensource.org/licenses/GPL-3.0/) **MySQLTuner** is a script written in Perl that allows you to review a MySQL installation quickly and make adjustments to increase performance and stability. The current configuration variables and status data is retrieved and presented in a brief format along with some basic performance suggestions. -**MySQLTuner** supports in this last version ~300 indicators for MySQL/MariaDB/Percona Server. +**MySQLTuner** supports ~300 indicators for MySQL/MariaDB/Percona Server in this last version. -**MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as [Galera Cluster](http://galeracluster.com/), [TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), [Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, [InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), [MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), [Aria](https://mariadb.com/kb/en/mariadb/aria/), ... +**MySQLTuner** is maintained and indicator collect is increasing week after week supporting a lot of configuration such as [Galera Cluster](http://galeracluster.com/), [TokuDB](https://www.percona.com/software/mysql-database/percona-tokudb), [Performance schema](https://github.com/mysql/mysql-sys), Linux OS metrics, [InnoDB](http://dev.mysql.com/doc/refman/5.7/en/innodb-storage-engine.html), [MyISAM](http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html), [Aria](https://mariadb.com/kb/en/mariadb/aria/), ... You can find more details on these indicators here: [Indicators description](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md). @@ -22,12 +22,12 @@ You can find more details on these indicators here: MySQLTuner needs you: === -**MySQLTuner** needs contributors for documentation, code and feedbacks.. +**MySQLTuner** needs contributors for documentation, code and feedback.. * Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). * Contribution guide is available following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) * Star **MySQLTuner project** at [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) - + Compatibility: ==== @@ -43,29 +43,29 @@ Compatibility: * Unix/Linux based operating system (tested on Linux, BSD variants, and Solaris variants) * Windows is not supported at this time (Help wanted !!!!!) * Unrestricted read access to the MySQL server (OS root access recommended for MySQL < 5.1) -* CVE vulnerabilites detection support from [https://cve.mitre.org](https://cve.mitre.org) +* CVE vulnerabilities detection support from [https://cve.mitre.org](https://cve.mitre.org) ***WARNING*** -- -It is **extremely important** for you to fully understand each change -you make to a MySQL database server. If you don't understand portions -of the script's output, or if you don't understand the recommendations, -**you should consult** a knowledgeable DBA or system administrator -that you trust. **Always** test your changes on staging environments, and -always keep in mind that improvements in one area can **negatively affect** +It is **extremely important** for you to fully understand each change +you make to a MySQL database server. If you don't understand portions +of the script's output, or if you don't understand the recommendations, +**you should consult** a knowledgeable DBA or system administrator +that you trust. **Always** test your changes on staging environments, and +always keep in mind that improvements in one area can **negatively affect** MySQL in other areas. **Seriously - please review the FAQ section below.** -Security recommandations +Security recommendations -- -Hi directadmin user! -We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery! +Hi directadmin user! +We detected that you run mysqltuner with da_admin's credentials taken from /usr/local/directadmin/conf/my.cnf, which might bring to a password discovery! Read link for more details [Issue #289](https://github.com/major/MySQLTuner-perl/issues/289). -What MySQLTuner is checking exactly ? +What MySQLTuner is checking exactly ? -- All checks done by **MySQLTuner** are documented in [MySQLTuner Internals](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) documentation. @@ -78,7 +78,7 @@ You can download the entire repository by using 'git clone' followed by the clon wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/basic_passwords.txt -O basic_passwords.txt wget https://raw.githubusercontent.com/major/MySQLTuner-perl/master/vulnerabilities.csv -O vulnerabilities.csv perl mysqltuner.pl - + Of course, you can add the execute bit (`chmod +x mysqltuner.pl`) so you can execute it without calling perl directly. Specific usage @@ -86,17 +86,17 @@ Specific usage __Usage:__ Minimal usage locally - perl mysqltuner.pl + perl mysqltuner.pl __Usage:__ Minimal usage remotely perl mysqltuner.pl --host targetDNS_IP --user admin_user --pass admin_password -__Usage:__ Enable maximum output information around MySQL/MariaDb without debugging +__Usage:__ Enable maximum output information around MySQL/MariaDb without debugging perl mysqltuner.pl --verbose perl mysqltuner.pl --buffers --dbstat --idxstat --sysstat --pfstat - + __Usage:__ Enable CVE vulnerabilities check for your MariaDB or MySQL version @@ -106,7 +106,7 @@ __Usage:__ Write your result in a file with information displayed perl mysqltuner.pl --outputfile /tmp/result_mysqltuner.txt -__Usage:__ Write your result in a file **without outputting information** +__Usage:__ Write your result in a file **without outputting information** perl mysqltuner.pl --silent --outputfile /tmp/result_mysqltuner.txt @@ -114,7 +114,7 @@ __Usage:__ Using template model to customize your reporting file based on [Text: perl mysqltuner.pl --silent --reportfile /tmp/result_mysqltuner.txt --template=/tmp/mymodel.tmpl -__Usage:__ Enable debugging information +__Usage:__ Enable debugging information perl mysqltuner.pl --debug @@ -123,7 +123,7 @@ FAQ **Question: Will MySQLTuner fix my slow MySQL server?** -**No.** MySQLTuner is a read only script. It won't write to any configuration files, change the status of any daemons, or call your mother to wish her a happy birthday. It will give you an overview of your server's performance and make some basic recommendations about improvements that you can make after it completes. *Make sure you read the warning above prior to following any recommendations.* +**No.** MySQLTuner is a read only script. It won't write to any configuration files, change the status of any daemons, or call your mother to wish her a happy birthday. It will give you an overview of your server's performance and make some basic recommendations for improvements that you can make after it completes. *Make sure you read the warning above prior to following any recommendations.* **Question: Can I fire my DBA now?** @@ -136,7 +136,7 @@ The script will try its best to log in via any means possible. It will check fo [client] user=someusername pass=thatuserspassword - + Once you create it, make sure it's owned by your user and the mode on the file is 0600. This should prevent the prying eyes from getting your database login credentials under normal conditions. If a [T-1000 shows up in a LAPD uniform](https://en.wikipedia.org/wiki/T-1000) and demands your database credentials, you won't have much of an option. **Question: Is there another way to secure credentials on latest MySQL and MariaDB distributions ?** @@ -147,7 +147,7 @@ You could use mysql_config_editor utilities. Enter passord: ******** $ -At this time, ~/.mylogin.cnf has been written with appropriated rigth access. +After which, ~/.mylogin.cnf will be created with the appropriate access. To get information about stored credentials, use the following command: @@ -187,9 +187,9 @@ Connection and Authentication --host Connect to a remote host to perform tests (default: localhost) --socket Use a different socket for a local connection --port Port to use for connection (default: 3306) - --user Username to use for authentication + --user Username to use for authentication --pass Password to use for authentication - --defaults-file defaulfs file for credentials + --defaults-file defaults file for credentials Since you are using a remote host, use parameters to supply values from the OS @@ -214,8 +214,8 @@ MySQLTuner and Vagrant * Fedora Core 23 / MariaDB 10.1 * Fedora Core 23 / MySQL 5.6 * Fedora Core 23 / MySQL 5.7 - -**Vagrant File** are stored in Vagrant subdirectory. + +**Vagrant File** are stored in Vagrant subdirectory. * Follow this 2 steps after vagrant installation: * Rename VagrantFile_for_Mxxx into Vagrantfile * vagrant up @@ -240,9 +240,8 @@ MySQLTuner and Vagrant MySQLTuner needs you -- -**MySQLTuner** needs contributors for documentation, code and feedbacks.. +**MySQLTuner** needs contributors for documentation, code and feedback.. * Please join us on issue track at [GitHub tracker](https://github.com/major/MySQLTuner-perl/issues). -* Contribution guide is avalaible following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) +* Contribution guide is available following [MySQLTuner contributing guide](https://github.com/major/MySQLTuner-perl/blob/master/CONTRIBUTING.md) * Star **MySQLTuner project** at [MySQLTuner Git Hub Project](https://github.com/major/MySQLTuner-perl) - From 073a6244a58ddede3cc824fd8b5ca970390bab10 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 10 Jan 2018 15:14:19 +0100 Subject: [PATCH 065/102] Update git ignorewq --- .gitignore | 1 + USAGE.md | 3 +- Vagrant/Vagrantfile | 99 ++++++++++++++++++++++++++++++++++ mysqltuner.pl | 129 +++++++++++++++++++++++--------------------- 4 files changed, 171 insertions(+), 61 deletions(-) create mode 100644 Vagrant/Vagrantfile diff --git a/.gitignore b/.gitignore index ea6dd22..49265d7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ build/build.log build/cve* build/vulnerabilities* *.bak +Vagrant/Vagrantfile diff --git a/USAGE.md b/USAGE.md index cfac532..bb9a426 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.2 - MySQL High Performance Tuning Script + MySQLTuner 1.7.5 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES @@ -18,6 +18,7 @@ You must provide the remote server's total memory when connecting to other serve --userenv Name of env variable which contains username to use for authentication --pass Password to use for authentication --passenv Name of env variable which contains password to use for authentication + --ssl-ca Path to public key --mysqladmin Path to a custom mysqladmin executable --mysqlcmd Path to a custom mysql executable --defaults-file Path to a custom .my.cnf diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile new file mode 100644 index 0000000..2f59cf7 --- /dev/null +++ b/Vagrant/Vagrantfile @@ -0,0 +1,99 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "fc23-mariadb10-0" + config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box" + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.115" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'dev.app' + config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + sudo yum -y install git python + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils + sudo cpanm install File::Util + + sudo yum -y install mariadb mariadb-server wget + sudo systemctl start mariadb.service + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/mysqltuner.pl b/mysqltuner.pl index 9b7aeee..1e0a61a 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.4 +# mysqltuner.pl - Version 1.7.5 # High Performance MySQL Tuning Script # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.4"; +my $tunerversion = "1.7.5"; my ( @adjvars, @generalrec ); # Set defaults @@ -66,7 +66,7 @@ my %opt = ( "nogood" => 0, "noinfo" => 0, "debug" => 0, - "nocolor" => ( ! -t STDOUT ), + "nocolor" => ( !-t STDOUT ), "forcemem" => 0, "forceswap" => 0, "host" => 0, @@ -100,27 +100,27 @@ my %opt = ( # Gather the options from the command line GetOptions( - \%opt, 'nobad', - 'nogood', 'noinfo', - 'debug', 'nocolor', - 'forcemem=i', 'forceswap=i', - 'host=s', 'socket=s', - 'port=i', 'user=s', - 'pass=s', 'skipsize', - 'checkversion', 'mysqladmin=s', - 'mysqlcmd=s', 'help', - 'buffers', 'skippassword', - 'passwordfile=s', 'outputfile=s', - 'silent', 'dbstat', - 'json', 'prettyjson', - 'idxstat', 'noask', - 'template=s', 'reportfile=s', - 'cvefile=s', 'bannedports=s', - 'updateversion', 'maxportallowed=s', - 'verbose', 'sysstat', - 'password=s', 'pfstat', - 'passenv=s', 'userenv=s', - 'defaults-file=s','ssl-ca=s' + \%opt, 'nobad', + 'nogood', 'noinfo', + 'debug', 'nocolor', + 'forcemem=i', 'forceswap=i', + 'host=s', 'socket=s', + 'port=i', 'user=s', + 'pass=s', 'skipsize', + 'checkversion', 'mysqladmin=s', + 'mysqlcmd=s', 'help', + 'buffers', 'skippassword', + 'passwordfile=s', 'outputfile=s', + 'silent', 'dbstat', + 'json', 'prettyjson', + 'idxstat', 'noask', + 'template=s', 'reportfile=s', + 'cvefile=s', 'bannedports=s', + 'updateversion', 'maxportallowed=s', + 'verbose', 'sysstat', + 'password=s', 'pfstat', + 'passenv=s', 'userenv=s', + 'defaults-file=s', 'ssl-ca=s' ) or pod2usage( -exitval => 1, @@ -708,16 +708,17 @@ sub mysql_setup { } if ( $opt{'ssl-ca'} ne 0 ) { - if ( -e -r -f $opt{'ssl-ca'} ) { - $remotestring .= " --ssl-ca=$opt{'ssl-ca'}"; - infoprint "Will connect using ssl public key passed on the command line"; - return 1; - } - else { - badprint - "Attempted to use passed ssl public key, but it was not found or could not be read"; - exit 1; - } + if ( -e -r -f $opt{'ssl-ca'} ) { + $remotestring .= " --ssl-ca=$opt{'ssl-ca'}"; + infoprint + "Will connect using ssl public key passed on the command line"; + return 1; + } + else { + badprint +"Attempted to use passed ssl public key, but it was not found or could not be read"; + exit 1; + } } # Did we already get a username without password on the command line? @@ -815,7 +816,10 @@ sub mysql_setup { exit 1; } } - elsif ( -r "/etc/mysql/debian.cnf" and $doremote == 0 and $opt{'defaults-file'} eq '' ) { + elsif ( -r "/etc/mysql/debian.cnf" + and $doremote == 0 + and $opt{'defaults-file'} eq '' ) + { # We have a debian maintenance account, use it $mysqllogin = "--defaults-file=/etc/mysql/debian.cnf"; @@ -826,8 +830,7 @@ sub mysql_setup { return 1; } else { - badprint -"Attempted to use login credentials from debian maintena + badprint "Attempted to use login credentials from debian maintena nce account, but they failed."; exit 1; } @@ -1149,14 +1152,14 @@ sub get_basic_passwords { } sub get_log_file_real_path { - my $file = shift; + my $file = shift; my $hostname = shift; - my $datadir = shift; + my $datadir = shift; if ( -f "$file" ) { return $file; } elsif ( -f "$hostname.err" ) { - return "$hostname.err" + return "$hostname.err"; } elsif ( $datadir ne "" ) { return "$datadir$hostname.err"; @@ -1167,7 +1170,9 @@ sub get_log_file_real_path { } sub log_file_recommandations { - $myvar{'log_error'} = get_log_file_real_path( $myvar{'log_error'}, $myvar{'hostname'}, $myvar{'datadir'} ); + $myvar{'log_error'} = + get_log_file_real_path( $myvar{'log_error'}, $myvar{'hostname'}, + $myvar{'datadir'} ); subheaderprint "Log file Recommendations"; infoprint "Log file: " . $myvar{'log_error'} . "(" @@ -1208,7 +1213,8 @@ sub log_file_recommandations { my @lastShutdowns; my @lastStarts; - open( my $fh, '<', $myvar{'log_error'} ) or die "Can't open $myvar{'log_error'} for read: $!"; + open( my $fh, '<', $myvar{'log_error'} ) + or die "Can't open $myvar{'log_error'} for read: $!"; while ( my $logLi = <$fh> ) { chomp $logLi; @@ -2682,7 +2688,7 @@ sub mysql_stats { if ( defined $myvar{'query_cache_type'} ) { infoprint "Query Cache Buffers"; - infoprint " +-- Query Cache: " + infoprint " +-- Query Cache: " . $myvar{'query_cache_type'} . " - " . ( $myvar{'query_cache_type'} eq 0 | @@ -3367,8 +3373,9 @@ sub mysqsl_pfs { "Performance should be activated for better diagnostics" ); push( @adjvars, "performance_schema = ON enable PFS" ); } - } else { - if ( mysql_version_le( 5, 5 ) ) { + } + else { + if ( mysql_version_le( 5, 5 ) ) { push( @generalrec, "Performance shouldn't be activated for MySQL and MariaDB 5.5 and lower version" ); @@ -3380,7 +3387,7 @@ sub mysqsl_pfs { unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { infoprint "Sys schema isn't installed."; - push( @generalrec, + push( @generalrec, "Consider installing Sys schema from https://github.com/mysql/mysql-sys" ) unless ( mysql_version_le( 5, 5 ) ); return; @@ -5015,7 +5022,7 @@ sub get_wsrep_options { my @galera_options = split /;/, $myvar{'wsrep_provider_options'}; my $wsrep_slave_threads = $myvar{'wsrep_slave_threads'}; - push @galera_options, ' wsrep_slave_threads = '.$wsrep_slave_threads; + push @galera_options, ' wsrep_slave_threads = ' . $wsrep_slave_threads; @galera_options = remove_cr @galera_options; @galera_options = remove_empty @galera_options; debugprint Dumper( \@galera_options ); @@ -5085,8 +5092,8 @@ group by c.table_schema,c.table_name having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" ); - if ( get_wsrep_option('wsrep_slave_threads') > (cpu_cores) *4 - or get_wsrep_option('wsrep_slave_threads') < (cpu_cores) *3 ) + if ( get_wsrep_option('wsrep_slave_threads') > (cpu_cores) * 4 + or get_wsrep_option('wsrep_slave_threads') < (cpu_cores) * 3 ) { badprint "wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; @@ -5397,9 +5404,10 @@ sub mysql_innodb { if ( defined $myvar{'innodb_log_files_in_group'} ) { infoprint " +-- InnoDB Total Log File Size: " . hr_bytes( $myvar{'innodb_log_files_in_group'} * - $myvar{'innodb_log_file_size'} ) . "(" - . $mycalc{'innodb_log_size_pct'} - . " % of buffer pool)"; + $myvar{'innodb_log_file_size'} ) + . "(" + . $mycalc{'innodb_log_size_pct'} + . " % of buffer pool)"; } if ( defined $myvar{'innodb_log_buffer_size'} ) { infoprint " +-- InnoDB Log Buffer: " @@ -5452,13 +5460,14 @@ sub mysql_innodb { . $myvar{'innodb_log_files_in_group'} . "/" . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . " should be equal 25%"; - push( @adjvars, - "innodb_log_file_size should be (=" - . hr_bytes_rnd( - $myvar{'innodb_buffer_pool_size'} / - $myvar{'innodb_log_files_in_group'} / 4 - ) - . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." + push( + @adjvars, + "innodb_log_file_size should be (=" + . hr_bytes_rnd( + $myvar{'innodb_buffer_pool_size'} / + $myvar{'innodb_log_files_in_group'} / 4 + ) + . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." ); push( @generalrec, "Read this before changing innodb_log_file_size and/or innodb_log_files_in_group: http://bit.ly/2wgkDvS" @@ -6164,7 +6173,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.4 - MySQL High Performance Tuning Script + MySQLTuner 1.7.5 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 9f7a599195447e974eaa4530baceb7ce7f146bff Mon Sep 17 00:00:00 2001 From: Marco Martinelli Date: Thu, 18 Jan 2018 07:39:52 +0100 Subject: [PATCH 066/102] Proposed fix for #268 --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 1e0a61a..149378f 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1689,7 +1689,7 @@ sub security_recommendations { } my $PASS_COLUMN_NAME = 'password'; - if ( $myvar{'version'} =~ /5.7/ ) { + if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { $PASS_COLUMN_NAME = 'authentication_string'; } debugprint "Password column = $PASS_COLUMN_NAME"; From 06f20b1fbbc31cfcd03def7ae04699c997b6f53c Mon Sep 17 00:00:00 2001 From: Marco Martinelli Date: Wed, 14 Feb 2018 22:40:14 +0100 Subject: [PATCH 067/102] Proposed fix for #268 --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 149378f..4d7ac02 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1690,7 +1690,7 @@ sub security_recommendations { my $PASS_COLUMN_NAME = 'password'; if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { - $PASS_COLUMN_NAME = 'authentication_string'; + $PASS_COLUMN_NAME = 'IF(plugin=\'mysql_native_password\', authentication_string, password)'; } debugprint "Password column = $PASS_COLUMN_NAME"; From 940c25c3559a6996bc7fec6e98ada657342d5b6c Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:41:14 +0000 Subject: [PATCH 068/102] spelling: authentication --- USAGE.md | 2 +- mysqltuner.pl | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/USAGE.md b/USAGE.md index bb9a426..f56d4a6 100644 --- a/USAGE.md +++ b/USAGE.md @@ -9,7 +9,7 @@ Allow MySQL server to run for at least 24-48 hours before trusting suggestions Some routines may require root level privileges (script will provide warnings) You must provide the remote server's total memory when connecting to other servers -# CONNECTION AND AUTHENTIFICATION +# CONNECTION AND AUTHENTICATION --host Connect to a remote host to perform tests (default: localhost) --socket Use a different socket for a local connection diff --git a/mysqltuner.pl b/mysqltuner.pl index 1e0a61a..135e52c 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -128,7 +128,7 @@ GetOptions( -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", - "CONNECTION AND AUTHENTIFICATION", + "CONNECTION AND AUTHENTICATION", "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] @@ -141,7 +141,7 @@ if ( defined $opt{'help'} && $opt{'help'} == 1 ) { -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", - "CONNECTION AND AUTHENTIFICATION", + "CONNECTION AND AUTHENTICATION", "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] @@ -6182,7 +6182,7 @@ Allow MySQL server to run for at least 24-48 hours before trusting suggestions Some routines may require root level privileges (script will provide warnings) You must provide the remote server's total memory when connecting to other servers -=head1 CONNECTION AND AUTHENTIFICATION +=head1 CONNECTION AND AUTHENTICATION --host Connect to a remote host to perform tests (default: localhost) --socket Use a different socket for a local connection From 41949a0c6ed2b046b919de4897866fbafc5498ab Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:42:13 +0000 Subject: [PATCH 069/102] spelling: configured --- INTERNALS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INTERNALS.md b/INTERNALS.md index fe46977..0e4ceaf 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -194,11 +194,11 @@ ## MySQLTuner replication checks -* Is server replication configuarted as slave ? +* Is server replication configured as slave ? * SQL replacation thread running ? * IO replacation thread running ? * Replication lag in seconds -* Is Slave configuratedd in read only ? +* Is Slave configured in read only ? ## MySQLTuner InnoDB information From e8cfaa3e1722d0e7fc8bef8ce3dca0fbc4e4b77c Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:42:49 +0000 Subject: [PATCH 070/102] spelling: considered --- INTERNALS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INTERNALS.md b/INTERNALS.md index 0e4ceaf..420f3da 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -84,7 +84,7 @@ ## MySQLTuner Server version checks * EOL MySQL version check -* Currently MySQL < 5.1 are EOF considerated. +* Currently MySQL < 5.1 are EOF considered. * Using 5.5+ version of MySQL for performance issue (asynchronous IO). ## MySQL Storage engine general information From 89027cebe19e0296fe7010edfbe430b8c29c3ff8 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:43:14 +0000 Subject: [PATCH 071/102] spelling: deactivated --- INTERNALS.md | 2 +- mysqltuner.pl | 194 +++++++++++++++++++++++++------------------------- 2 files changed, 98 insertions(+), 98 deletions(-) diff --git a/INTERNALS.md b/INTERNALS.md index 420f3da..f2965d5 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -299,7 +299,7 @@ ## MySQLTuner performance schema and sysschema information * Check that Performance schema is activated for 5.6+ version -* Check that Performance schema is disactivated for 5.5- version +* Check that Performance schema is deactivated for 5.5- version * Check that Sys schema is installed * sys Schema version * Top user per connection diff --git a/mysqltuner.pl b/mysqltuner.pl index 135e52c..b337ba4 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -3412,7 +3412,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery conn(s)"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per statement @@ -3427,7 +3427,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery stmt(s)"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per statement latency @@ -3442,7 +3442,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per lock latency @@ -3457,7 +3457,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per full scans @@ -3472,7 +3472,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per row_sent @@ -3487,7 +3487,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per row modified @@ -3502,7 +3502,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per io @@ -3517,7 +3517,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top user per io latency @@ -3532,7 +3532,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per connection @@ -3547,7 +3547,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery conn(s)"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per statement @@ -3562,7 +3562,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery stmt(s)"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per statement latency @@ -3577,7 +3577,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per lock latency @@ -3592,7 +3592,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per full scans @@ -3607,7 +3607,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per rows sent @@ -3622,7 +3622,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per rows modified @@ -3637,7 +3637,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per io @@ -3652,7 +3652,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top 5 host per io latency @@ -3667,7 +3667,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top IO type order by total io @@ -3682,7 +3682,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery i/o"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top IO type order by total latency @@ -3697,7 +3697,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top IO type order by max latency @@ -3712,7 +3712,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top Stages order by total io @@ -3727,7 +3727,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery i/o"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top Stages order by total latency @@ -3742,7 +3742,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top Stages order by avg latency @@ -3757,7 +3757,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top host per table scans @@ -3772,7 +3772,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # InnoDB Buffer Pool by schema @@ -3787,7 +3787,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery page(s)"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # InnoDB Buffer Pool by table @@ -3802,7 +3802,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery page(s)"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Process per allocated memory @@ -3817,7 +3817,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # InnoDB Lock Waits @@ -3832,7 +3832,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Threads IO Latency @@ -3847,7 +3847,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # High Cost SQL statements @@ -3862,7 +3862,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top 5% slower queries @@ -3877,7 +3877,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery s"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top 10 nb statement type @@ -3892,7 +3892,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top statement by total latency @@ -3907,7 +3907,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top statement by lock latency @@ -3922,7 +3922,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top statement by full scans @@ -3937,7 +3937,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top statement by rows sent @@ -3952,7 +3952,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Top statement by rows modified @@ -3967,7 +3967,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Use temporary tables @@ -3982,7 +3982,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Unused Indexes @@ -3992,7 +3992,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Full table scans @@ -4007,7 +4007,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Latest file IO by latency @@ -4022,7 +4022,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # FILE by IO read bytes @@ -4037,7 +4037,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # FILE by IO written bytes @@ -4052,7 +4052,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # file per IO total latency @@ -4067,7 +4067,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # file per IO read latency @@ -4082,7 +4082,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # file per IO write latency @@ -4097,7 +4097,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Event Wait by read bytes @@ -4112,7 +4112,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Event Wait by write bytes @@ -4127,7 +4127,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # event per wait total latency @@ -4142,7 +4142,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # event per wait read latency @@ -4157,7 +4157,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # event per wait write latency @@ -4172,7 +4172,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); #schema_index_statistics @@ -4188,7 +4188,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 most used index @@ -4203,7 +4203,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high read latency index @@ -4218,7 +4218,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high insert latency index @@ -4233,7 +4233,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high update latency index @@ -4248,7 +4248,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high delete latency index @@ -4263,7 +4263,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 most read tables @@ -4278,7 +4278,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 most used tables @@ -4293,7 +4293,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high read latency tables @@ -4308,7 +4308,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high insert latency tables @@ -4323,7 +4323,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high update latency tables @@ -4338,7 +4338,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # TOP 15 high delete latency tables @@ -4353,7 +4353,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); # Redundant indexes @@ -4365,7 +4365,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Tables not using InnoDB buffer"; @@ -4379,7 +4379,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Table not using InnoDB buffer"; @@ -4393,7 +4393,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Table not using InnoDB buffer"; $nbL = 1; @@ -4406,7 +4406,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Top 15 Tables using InnoDB buffer"; @@ -4420,7 +4420,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Top 15 Tables with InnoDB buffer free"; @@ -4434,7 +4434,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Top 15 Most executed queries"; @@ -4448,7 +4448,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4463,7 +4463,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Top 20 queries with full table scans"; @@ -4477,7 +4477,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Last 50 queries with full table scans"; @@ -4491,7 +4491,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 reader queries (95% percentile)"; @@ -4505,7 +4505,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4520,7 +4520,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4535,7 +4535,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4550,7 +4550,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4565,7 +4565,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Top 20 queries with sort"; @@ -4579,7 +4579,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Last 50 queries with sort"; @@ -4593,7 +4593,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 row sorting queries with sort"; @@ -4607,7 +4607,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 total latency queries with sort"; @@ -4621,7 +4621,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 merge queries with sort"; @@ -4635,7 +4635,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4650,7 +4650,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 scans queries with sort"; @@ -4664,7 +4664,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 range queries with sort"; @@ -4678,7 +4678,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); ################################################################################## @@ -4714,7 +4714,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: Last 50 queries with temp table"; @@ -4728,7 +4728,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint @@ -4743,7 +4743,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 queries with temp table to disk"; @@ -4757,7 +4757,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); ################################################################################## @@ -4784,7 +4784,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 30 events by number"; @@ -4798,7 +4798,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 class events by total latency"; @@ -4812,7 +4812,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 30 events by total latency"; @@ -4826,7 +4826,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 15 class events by max latency"; @@ -4840,7 +4840,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); subheaderprint "Performance schema: TOP 30 events by max latency"; @@ -4854,7 +4854,7 @@ sub mysqsl_pfs { infoprint " +-- $nbL: $lQuery"; $nbL++; } - infoprint "No information found or indicators desactivated." + infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); } From d714eb9a57c2689a450dd7c765dfb64443ed03cb Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:44:13 +0000 Subject: [PATCH 072/102] spelling: efficiency --- INTERNALS.md | 6 +++--- mysqltuner.pl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/INTERNALS.md b/INTERNALS.md index f2965d5..5f2bcb1 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -179,7 +179,7 @@ * Query Cache Buffers * Query Cache DISABLED, ALL REQUEST or ON DEMAND * Query Cache Size - * Query cache hit ratio (cache efficienty) + * Query cache hit ratio (cache efficiency) ## MySQLTuner memory checks @@ -213,9 +213,9 @@ * If more than 20% of InnoDB buffer pool is not used, MySQLTuner raise an alert. * InnoDB Buffer Pool Log Size * InnoDB total log file size should be 25% of innodb_buffer_pool_size -* InnoDB Read effiency +* InnoDB Read efficiency * Ratio of read without locks -* InnoDB Write effiency +* InnoDB Write efficiency * Ratio of write without locks * InnoDB Log Waits * Checks that no lock is used on Innodb Log. diff --git a/mysqltuner.pl b/mysqltuner.pl index b337ba4..4f8d5df 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -2574,7 +2574,7 @@ sub calculations { $myvar{'innodb_buffer_pool_size'} ); } - # InnoDB Buffer pool read cache effiency + # InnoDB Buffer pool read cache efficiency ( $mystat{'Innodb_buffer_pool_read_requests'}, $mystat{'Innodb_buffer_pool_reads'} @@ -2594,7 +2594,7 @@ sub calculations { debugprint "Innodb_buffer_pool_read_requests: " . $mystat{'Innodb_buffer_pool_read_requests'} . ""; - # InnoDB log write cache effiency + # InnoDB log write cache efficiency ( $mystat{'Innodb_log_write_requests'}, $mystat{'Innodb_log_writes'} ) = ( 1, 1 ) unless defined $mystat{'Innodb_log_writes'}; @@ -5565,7 +5565,7 @@ sub mysql_innodb { } } - # InnoDB Read efficency + # InnoDB Read efficiency if ( defined $mycalc{'pct_read_efficiency'} && $mycalc{'pct_read_efficiency'} < 90 ) { From 29d69c386664ddb5bd25e7a3237e1cc7daa95ff9 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:57:26 +0000 Subject: [PATCH 073/102] spelling: indenting --- build/updateStaff.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/updateStaff.sh b/build/updateStaff.sh index 2b6a220..a357749 100644 --- a/build/updateStaff.sh +++ b/build/updateStaff.sh @@ -11,5 +11,5 @@ perl updateCVElist.pl git add ../vulnerabilities.csv ../mysqltuner.pl ./USAGE.md git commit -m 'Update Vulnerabilities list -Identing mysqltuner +Indenting mysqltuner Update Usage information' \ No newline at end of file From e0c76333f2c79dc505106a42e78f7b729d2a69c8 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:57:57 +0000 Subject: [PATCH 074/102] spelling: instance --- INTERNALS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INTERNALS.md b/INTERNALS.md index 5f2bcb1..87abc18 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -206,7 +206,7 @@ * If possible, innodb_buffer_pool_size should be greater data and index size for Innodb Table * Innodb_buffer_pool_size should around 75 to 80 % of the available system memory. * InnoDB Buffer Pool Instances - * MySQL needs 1 instanes per 1Go of Buffer Pool + * MySQL needs 1 instance per 1Go of Buffer Pool * innodb_buffer_pool instances = round(innodb_buffer_pool_size / 1Go) * innodb_buffer_pool instances must be equals or lower than 64 * InnoDB Buffer Pool Usage From 249a4b7c559f354785f708864a5faf6d8f05dd1f Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:59:11 +0000 Subject: [PATCH 075/102] spelling: password --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 25c2357..db5e21b 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ Once you create it, make sure it's owned by your user and the mode on the file i You could use mysql_config_editor utilities. $ mysql_config_editor set --login-path=client --user=someusername --password --host=localhost - Enter passord: ******** + Enter password: ******** $ After which, ~/.mylogin.cnf will be created with the appropriate access. From 878de6b7e10a41a471c5d82cb583650a6e178fb3 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:59:38 +0000 Subject: [PATCH 076/102] spelling: recommendations --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 4f8d5df..5c9ba16 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1169,7 +1169,7 @@ sub get_log_file_real_path { } } -sub log_file_recommandations { +sub log_file_recommendations { $myvar{'log_error'} = get_log_file_real_path( $myvar{'log_error'}, $myvar{'hostname'}, $myvar{'datadir'} ); @@ -6134,7 +6134,7 @@ validate_mysql_version; # Check current MySQL version check_architecture; # Suggest 64-bit upgrade system_recommendations; # avoid to many service on the same host -log_file_recommandations; # check log file content +log_file_recommendations; # check log file content check_storage_engines; # Show enabled storage engines mysql_databases; # Show informations about databases mysql_tables; # Show informations about table column From 3b764982600b0c69f463e5bc6734fd385b8a863f Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 04:59:50 +0000 Subject: [PATCH 077/102] spelling: release --- mysqltuner.pl | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 5c9ba16..f94a5d5 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1372,10 +1372,10 @@ sub get_other_process_memory { sub get_os_release { if ( -f "/etc/lsb-release" ) { my @info_release = get_file_contents "/etc/lsb-release"; - my $os_relase = $info_release[3]; - $os_relase =~ s/.*="//; - $os_relase =~ s/"$//; - return $os_relase; + my $os_release = $info_release[3]; + $os_release =~ s/.*="//; + $os_release =~ s/"$//; + return $os_release; } if ( -f "/etc/system-release" ) { @@ -1385,17 +1385,17 @@ sub get_os_release { if ( -f "/etc/os-release" ) { my @info_release = get_file_contents "/etc/os-release"; - my $os_relase = $info_release[0]; - $os_relase =~ s/.*="//; - $os_relase =~ s/"$//; - return $os_relase; + my $os_release = $info_release[0]; + $os_release =~ s/.*="//; + $os_release =~ s/"$//; + return $os_release; } if ( -f "/etc/issue" ) { my @info_release = get_file_contents "/etc/issue"; - my $os_relase = $info_release[0]; - $os_relase =~ s/\s+\\n.*//; - return $os_relase; + my $os_release = $info_release[0]; + $os_release =~ s/\s+\\n.*//; + return $os_release; } return "Unknown OS release"; } From 61afc2404e9bb3184f5c15e485e16b02cf8028b8 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 05:00:05 +0000 Subject: [PATCH 078/102] spelling: replication --- INTERNALS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INTERNALS.md b/INTERNALS.md index 87abc18..67daa0a 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -195,8 +195,8 @@ ## MySQLTuner replication checks * Is server replication configured as slave ? -* SQL replacation thread running ? -* IO replacation thread running ? +* SQL replication thread running ? +* IO replication thread running ? * Replication lag in seconds * Is Slave configured in read only ? From 38e5e7ec88b714a24eb3f8ab3d2e6ebed8020bb9 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 18 Feb 2018 05:05:57 +0000 Subject: [PATCH 079/102] spelling: update --- build/updateStaff.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/updateStaff.sh b/build/updateStaff.sh index a357749..00cf77b 100644 --- a/build/updateStaff.sh +++ b/build/updateStaff.sh @@ -6,7 +6,7 @@ pod2markdown mysqltuner.pl >USAGE.md echo "* TIDYFY SCRIPT" perltidy -b mysqltuner.pl ) -echo "* Udate CVE list" +echo "* Update CVE list" perl updateCVElist.pl git add ../vulnerabilities.csv ../mysqltuner.pl ./USAGE.md From 13c885a5295ed55fd590f4b01cbb02f0e3725ce3 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 15:18:39 +0100 Subject: [PATCH 080/102] Issue #372 --- mysqltuner.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 1e0a61a..bc7b4cc 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.5 +# mysqltuner.pl - Version 1.7.6 # High Performance MySQL Tuning Script # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.5"; +my $tunerversion = "1.7.6"; my ( @adjvars, @generalrec ); # Set defaults @@ -5266,7 +5266,7 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "Galera Notify command is not defined."; push( @adjvars, "set up parameter wsrep_notify_cmd to be notify" ); } - if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" ) { + if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" and trim( $myvar{'wsrep_sst_method'} ) !~ "^mariabackup") { badprint "Galera SST method is not xtrabackup based."; push( @adjvars, "set up parameter wsrep_sst_method to xtrabackup based parameter" @@ -6173,7 +6173,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.5 - MySQL High Performance Tuning Script + MySQLTuner 1.7.6 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 50f3a0d9651d14d10dd6ef0d97b89ad8d77bdc1c Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 15:24:20 +0100 Subject: [PATCH 081/102] Small quotes issue --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index a256a34..f610bab 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1690,7 +1690,7 @@ sub security_recommendations { my $PASS_COLUMN_NAME = 'password'; if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { - $PASS_COLUMN_NAME = 'IF(plugin=\'mysql_native_password\', authentication_string, password)'; + $PASS_COLUMN_NAME = "IF(plugin='mysql_native_password', authentication_string, password)"; } debugprint "Password column = $PASS_COLUMN_NAME"; From 6d95d8642cb1b8385f6f8a9bcce806fce5cc5c95 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 15:29:33 +0100 Subject: [PATCH 082/102] Update code, doc and vulnerabilities --- USAGE.md | 2 +- mysqltuner.pl | 13 +- vulnerabilities.csv | 1126 ++++++++++++++++++++++++------------------- 3 files changed, 631 insertions(+), 510 deletions(-) diff --git a/USAGE.md b/USAGE.md index f56d4a6..6ec0b55 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.5 - MySQL High Performance Tuning Script + MySQLTuner 1.7.6 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES diff --git a/mysqltuner.pl b/mysqltuner.pl index cca3a77..48b7c5f 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1372,7 +1372,7 @@ sub get_other_process_memory { sub get_os_release { if ( -f "/etc/lsb-release" ) { my @info_release = get_file_contents "/etc/lsb-release"; - my $os_release = $info_release[3]; + my $os_release = $info_release[3]; $os_release =~ s/.*="//; $os_release =~ s/"$//; return $os_release; @@ -1385,7 +1385,7 @@ sub get_os_release { if ( -f "/etc/os-release" ) { my @info_release = get_file_contents "/etc/os-release"; - my $os_release = $info_release[0]; + my $os_release = $info_release[0]; $os_release =~ s/.*="//; $os_release =~ s/"$//; return $os_release; @@ -1393,7 +1393,7 @@ sub get_os_release { if ( -f "/etc/issue" ) { my @info_release = get_file_contents "/etc/issue"; - my $os_release = $info_release[0]; + my $os_release = $info_release[0]; $os_release =~ s/\s+\\n.*//; return $os_release; } @@ -1690,7 +1690,8 @@ sub security_recommendations { my $PASS_COLUMN_NAME = 'password'; if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { - $PASS_COLUMN_NAME = "IF(plugin='mysql_native_password', authentication_string, password)"; + $PASS_COLUMN_NAME = + "IF(plugin='mysql_native_password', authentication_string, password)"; } debugprint "Password column = $PASS_COLUMN_NAME"; @@ -5266,7 +5267,9 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" badprint "Galera Notify command is not defined."; push( @adjvars, "set up parameter wsrep_notify_cmd to be notify" ); } - if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" and trim( $myvar{'wsrep_sst_method'} ) !~ "^mariabackup") { + if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" + and trim( $myvar{'wsrep_sst_method'} ) !~ "^mariabackup" ) + { badprint "Galera SST method is not xtrabackup based."; push( @adjvars, "set up parameter wsrep_sst_method to xtrabackup based parameter" diff --git a/vulnerabilities.csv b/vulnerabilities.csv index d1cabb3..7319417 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1,118 +1,118 @@ -4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)"; +4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)"; 4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; 3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; 4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; -4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; -4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:http://xforce.iss.net/xforce/xfdb/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:http://xforce.iss.net/xforce/xfdb/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:http://xforce.iss.net/xforce/xfdb/38989";Assigned (20071210);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:http://xforce.iss.net/xforce/xfdb/38990";Assigned (20071210);"None (candidate not yet proposed)"; +4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; +4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; 5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; 6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; -5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; -5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; -6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:http://xforce.iss.net/xforce/xfdb/45042";Assigned (20080909);"None (candidate not yet proposed)"; -5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; -5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; -1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; -37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:http://xforce.iss.net/xforce/xfdb/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; +5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; +6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; +5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; +5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; +1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; 5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; 5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; -5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:http://xforce.iss.net/xforce/xfdb/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:http://xforce.iss.net/xforce/xfdb/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:http://xforce.iss.net/xforce/xfdb/64843";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:http://xforce.iss.net/xforce/xfdb/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:http://xforce.iss.net/xforce/xfdb/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:http://xforce.iss.net/xforce/xfdb/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:http://xforce.iss.net/xforce/xfdb/64838";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64838";Assigned (20101007);"None (candidate not yet proposed)"; 0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:http://xforce.iss.net/xforce/xfdb/77061";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:http://xforce.iss.net/xforce/xfdb/77065";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:http://xforce.iss.net/xforce/xfdb/77064";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:http://xforce.iss.net/xforce/xfdb/77060";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:http://xforce.iss.net/xforce/xfdb/77063";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:http://xforce.iss.net/xforce/xfdb/77062";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77060";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77063";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77062";Assigned (20120316);"None (candidate not yet proposed)"; 5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; 5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; 97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:http://xforce.iss.net/xforce/xfdb/79387";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:http://xforce.iss.net/xforce/xfdb/79384";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:http://xforce.iss.net/xforce/xfdb/79390";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:http://xforce.iss.net/xforce/xfdb/79388";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79387";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79384";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79390";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)"; 5.5.25;5;5;25;CVE-2012-3156;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:http://xforce.iss.net/xforce/xfdb/79382";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:http://xforce.iss.net/xforce/xfdb/79394";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:http://xforce.iss.net/xforce/xfdb/79381";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)"; 5.1.63;5;1;63;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; 5.5.25;5;5;25;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:http://xforce.iss.net/xforce/xfdb/79392";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:http://xforce.iss.net/xforce/xfdb/79386";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:http://xforce.iss.net/xforce/xfdb/79383";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:http://xforce.iss.net/xforce/xfdb/79389";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:http://xforce.iss.net/xforce/xfdb/79393";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)"; 5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; 5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; 5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; @@ -120,21 +120,21 @@ 5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; 5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; 5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.6.9;5;6;9;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.1.67;5;1;67;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; @@ -150,13 +150,13 @@ 5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; 5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:http://xforce.iss.net/xforce/xfdb/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; @@ -164,9 +164,9 @@ 5.1.68;5;1;68;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:http://xforce.iss.net/xforce/xfdb/85719";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:http://xforce.iss.net/xforce/xfdb/85710";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85719";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; 5.6.11;5;6;11;CVE-2013-3795;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61241 | URL:http://www.securityfocus.com/bid/61241 | OSVDB:95324 | URL:http://osvdb.org/95324";Assigned (20130603);"None (candidate not yet proposed)"; @@ -174,25 +174,25 @@ 5.6.11;5;6;11;CVE-2013-3798;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61274 | URL:http://www.securityfocus.com/bid/61274 | OSVDB:95321 | URL:http://osvdb.org/95321";Assigned (20130603);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:http://xforce.iss.net/xforce/xfdb/85712";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:http://xforce.iss.net/xforce/xfdb/85715";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; 5.5.30;5;5;30;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:http://xforce.iss.net/xforce/xfdb/85713";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:http://xforce.iss.net/xforce/xfdb/85721";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:http://xforce.iss.net/xforce/xfdb/85717";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:http://xforce.iss.net/xforce/xfdb/85709";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:http://xforce.iss.net/xforce/xfdb/85724";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:http://xforce.iss.net/xforce/xfdb/85722";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:http://xforce.iss.net/xforce/xfdb/85723";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85713";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85721";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85724";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85722";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)"; 5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; 5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; 5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; @@ -202,74 +202,74 @@ 5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63116 | URL:http://www.securityfocus.com/bid/63116 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; 5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; 5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:http://xforce.iss.net/xforce/xfdb/90373";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:http://xforce.iss.net/xforce/xfdb/90377";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:http://xforce.iss.net/xforce/xfdb/90374";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90373";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90377";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90374";Assigned (20130918);"None (candidate not yet proposed)"; 5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; 5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:http://xforce.iss.net/xforce/xfdb/90376";Assigned (20130918);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:http://xforce.iss.net/xforce/xfdb/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; -02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714";Assigned (20131203);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:http://xforce.iss.net/xforce/xfdb/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:http://xforce.iss.net/xforce/xfdb/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:http://xforce.iss.net/xforce/xfdb/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:http://xforce.iss.net/xforce/xfdb/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:http://xforce.iss.net/xforce/xfdb/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:http://xforce.iss.net/xforce/xfdb/90388";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:http://xforce.iss.net/xforce/xfdb/90383";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:http://xforce.iss.net/xforce/xfdb/90387";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:http://xforce.iss.net/xforce/xfdb/90384";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:http://xforce.iss.net/xforce/xfdb/90375";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:http://xforce.iss.net/xforce/xfdb/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90376";Assigned (20130918);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)"; +02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90383";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90387";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90384";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90375";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; 5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; 5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:http://xforce.iss.net/xforce/xfdb/94624";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:http://xforce.iss.net/xforce/xfdb/94627";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:http://xforce.iss.net/xforce/xfdb/94625";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:http://xforce.iss.net/xforce/xfdb/94623";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:http://xforce.iss.net/xforce/xfdb/94626";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:http://xforce.iss.net/xforce/xfdb/94628";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:http://xforce.iss.net/xforce/xfdb/94620";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:http://xforce.iss.net/xforce/xfdb/94621";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94624";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94627";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94625";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94623";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94626";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)"; 5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; 5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; 5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; @@ -312,114 +312,116 @@ 5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; 5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; 5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:http://xforce.iss.net/xforce/xfdb/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:http://xforce.iss.net/xforce/xfdb/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:http://xforce.iss.net/xforce/xfdb/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:http://xforce.iss.net/xforce/xfdb/100190";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:http://xforce.iss.net/xforce/xfdb/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100190";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:http://xforce.iss.net/xforce/xfdb/100188";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:http://xforce.iss.net/xforce/xfdb/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100188";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:http://xforce.iss.net/xforce/xfdb/100187";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100187";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74085 | URL:http://www.securityfocus.com/bid/74085 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +2.2.12;2;2;12;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)"; +2.2.8;2;2;8;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)"; 5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; -5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77216 | URL:http://www.securityfocus.com/bid/77216 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77170 | URL:http://www.securityfocus.com/bid/77170 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77147 | URL:http://www.securityfocus.com/bid/77147 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77132 | URL:http://www.securityfocus.com/bid/77132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77231 | URL:http://www.securityfocus.com/bid/77231 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77219 | URL:http://www.securityfocus.com/bid/77219 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; 5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; 2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; 10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; @@ -427,227 +429,343 @@ 5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; 5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; 5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943";Assigned (20160317);"None (candidate not yet proposed)"; -3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; -3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93650 | URL:http://www.securityfocus.com/bid/93650";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93678 | URL:http://www.securityfocus.com/bid/93678";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93642 | URL:http://www.securityfocus.com/bid/93642";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93668 | URL:http://www.securityfocus.com/bid/93668";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93674 | URL:http://www.securityfocus.com/bid/93674";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:92912 | URL:http://www.securityfocus.com/bid/92912";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; -7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93755 | URL:http://www.securityfocus.com/bid/93755";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"MISC:https://www.tenable.com/security/research/tra-2016-11 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; +3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"MISC:https://www.tenable.com/security/research/tra-2016-11 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; +7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95557 | URL:http://www.securityfocus.com/bid/95557 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95557 | URL:http://www.securityfocus.com/bid/95557 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101402 | URL:http://www.securityfocus.com/bid/101402 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101402 | URL:http://www.securityfocus.com/bid/101402 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10165;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101424 | URL:http://www.securityfocus.com/bid/101424 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10167;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101433 | URL:http://www.securityfocus.com/bid/101433 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101385 | URL:http://www.securityfocus.com/bid/101385 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10296;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101373 | URL:http://www.securityfocus.com/bid/101373 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10311;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101446 | URL:http://www.securityfocus.com/bid/101446 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101448 | URL:http://www.securityfocus.com/bid/101448 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101410 | URL:http://www.securityfocus.com/bid/101410 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10365;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101429 | URL:http://www.securityfocus.com/bid/101429 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +10.1.29;10;1;29;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +10.2.9;10;2;9;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +5.0.-1;5;0;-1;CVE-2017-16540;Candidate;"OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.";"MISC:http://www.open-emr.org/wiki/index.php/OpenEMR_Patches | MISC:https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html | BID:101983 | URL:http://www.securityfocus.com/bid/101983";Assigned (20171104);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95538 | URL:http://www.securityfocus.com/bid/95538 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95482 | URL:http://www.securityfocus.com/bid/95482 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95486 | URL:http://www.securityfocus.com/bid/95486 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97826 | URL:http://www.securityfocus.com/bid/97826 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95479 | URL:http://www.securityfocus.com/bid/95479 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95470 | URL:http://www.securityfocus.com/bid/95470 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97826 | URL:http://www.securityfocus.com/bid/97826 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99746 | URL:http://www.securityfocus.com/bid/99746 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3637;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99748 | URL:http://www.securityfocus.com/bid/99748 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3638;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99778 | URL:http://www.securityfocus.com/bid/99778 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3639;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99753 | URL:http://www.securityfocus.com/bid/99753 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99765 | URL:http://www.securityfocus.com/bid/99765 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3642;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99779 | URL:http://www.securityfocus.com/bid/99779 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3643;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99772 | URL:http://www.securityfocus.com/bid/99772 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3644;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99775 | URL:http://www.securityfocus.com/bid/99775 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99783 | URL:http://www.securityfocus.com/bid/99783 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99786 | URL:http://www.securityfocus.com/bid/99786 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99796 | URL:http://www.securityfocus.com/bid/99796 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99796 | URL:http://www.securityfocus.com/bid/99796 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99799 | URL:http://www.securityfocus.com/bid/99799 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99799 | URL:http://www.securityfocus.com/bid/99799 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3650;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99808 | URL:http://www.securityfocus.com/bid/99808 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2565;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102712 | URL:http://www.securityfocus.com/bid/102712 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2576;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102695 | URL:http://www.securityfocus.com/bid/102695 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2586;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102700 | URL:http://www.securityfocus.com/bid/102700 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102696 | URL:http://www.securityfocus.com/bid/102696 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102703 | URL:http://www.securityfocus.com/bid/102703 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2667;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102685 | URL:http://www.securityfocus.com/bid/102685 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; From 8fda1dc28489b42ad98f3d609c42f39f82ba2b81 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 15:35:31 +0100 Subject: [PATCH 083/102] Issue #371 --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 48b7c5f..6da4209 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -198,7 +198,7 @@ open( $fh, '>', $outputfile ) or die("Fail opening $outputfile") if defined($outputfile); $opt{nocolor} = 1 if defined($outputfile); - +$opt{nocolor} = 1 unless(-t STDOUT); # Setting up the colors for the print styles my $me = `whoami`; $me =~ s/\n//g; From 0e8fcbf52dcdd5d9fa87508cb59cd05765fed693 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 16:11:42 +0100 Subject: [PATCH 084/102] Issue #369 --- mysqltuner.pl | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index 6da4209..30e6f66 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1906,6 +1906,16 @@ sub validate_mysql_version { } } +# Checks if MySQL version is equal to (major, minor, micro) +sub mysql_version_eq { + my ( $maj, $min, $mic ) = @_; + $min ||= 0; + $mic ||= 0; + return + ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) + && int($mysqlvermicro) == int($mic) ); +} # Checks if MySQL version is greater than equal to (major, minor, micro) sub mysql_version_ge { my ( $maj, $min, $mic ) = @_; @@ -3386,6 +3396,13 @@ sub mysqsl_pfs { debugprint "Performance schema is " . $myvar{'performance_schema'}; infoprint "Memory used by P_S: " . hr_bytes( get_pf_memory() ); + if ( mysql_version_eq(10, 0) ) { + push( @generalrec, +"Performance shouldn't be activated for MariaDB 10.0 for performance issue" + ); + push( @adjvars, "performance_schema = OFF disable PFS" ); + return; + } unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { infoprint "Sys schema isn't installed."; push( @generalrec, From 35c4200813406311305b21ecf937f237397d1f71 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 16:58:59 +0100 Subject: [PATCH 085/102] Issue #364 --- mysqltuner.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index 30e6f66..063990b 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -930,6 +930,7 @@ nce account, but they failed."; exit 1; } } + } # MySQL Request Array @@ -3075,6 +3076,9 @@ sub mysql_stats { "Read this before increasing " . $table_cache_var . " over 64: http://bit.ly/1mi7c4C" ); + push( @generalrec, "This is MyISAM only table_cache scalability problem, InnoDB not affected."); + push ( @generalrec, "See more details here: https://bugs.mysql.com/bug.php?id=49177"); + push ( @generalrec, "This bug already fixed in MySQL 5.7.9 and newer MySQL versions."); push( @generalrec, "Beware that open_files_limit (" . $myvar{'open_files_limit'} @@ -6147,6 +6151,9 @@ headerprint; # Header Print validate_tuner_version; # Check last version mysql_setup; # Gotta login first +debugprint "MySQL FINAL Client : $mysqlcmd $mysqllogin"; +debugprint "MySQL Admin FINAL Client : $mysqladmincmd $mysqllogin"; +#exit(0); os_setup; # Set up some OS variables get_all_vars; # Toss variables/status into hashes get_tuning_info; # Get information about the tuning connexion From 94f8dad080e946b50d1c59850c9355d2549d4931 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 22 Feb 2018 18:42:32 +0100 Subject: [PATCH 086/102] Wrong sort order in MySQLTuner report #363 --- mysqltuner.pl | 195 +++++++++++++++++++++++++------------------------- 1 file changed, 97 insertions(+), 98 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 063990b..78e45d2 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.6 +# mysqltuner.pl - Version 1.7.7 # High Performance MySQL Tuning Script # Copyright (C) 2006-2017 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.6"; +my $tunerversion = "1.7.7"; my ( @adjvars, @generalrec ); # Set defaults @@ -3457,7 +3457,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, statement_avg_latency from sys.user_summary order by statement_avg_latency desc LIMIT 5' +'select user, statement_avg_latency from sys.x\\$user_summary order by statement_avg_latency desc LIMIT 5' ) ) { @@ -3472,7 +3472,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, lock_latency from sys.user_summary_by_statement_latency order by lock_latency desc LIMIT 5' +'select user, lock_latency from sys.x\\$user_summary_by_statement_latency order by lock_latency desc LIMIT 5' ) ) { @@ -3487,7 +3487,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, full_scans from sys.user_summary_by_statement_latency order by full_scans desc LIMIT 5' +'select user, full_scans from sys.x\\$user_summary_by_statement_latency order by full_scans desc LIMIT 5' ) ) { @@ -3502,7 +3502,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, rows_sent from sys.user_summary_by_statement_latency order by rows_sent desc LIMIT 5' +'select user, rows_sent from sys.x\\$user_summary_by_statement_latency order by rows_sent desc LIMIT 5' ) ) { @@ -3517,7 +3517,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, rows_affected from sys.user_summary_by_statement_latency order by rows_affected desc LIMIT 5' +'select user, rows_affected from sys.x\\$user_summary_by_statement_latency order by rows_affected desc LIMIT 5' ) ) { @@ -3532,7 +3532,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, file_ios from sys.user_summary order by file_ios desc LIMIT 5' +'select user, file_ios from sys.x\\$user_summary order by file_ios desc LIMIT 5' ) ) { @@ -3547,7 +3547,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select user, file_io_latency from sys.user_summary order by file_io_latency desc LIMIT 5' +'select user, file_io_latency from sys.x\\$user_summary order by file_io_latency desc LIMIT 5' ) ) { @@ -3562,7 +3562,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, total_connections from sys.host_summary order by total_connections desc LIMIT 5' +'select host, total_connections from sys.x\\$host_summary order by total_connections desc LIMIT 5' ) ) { @@ -3577,7 +3577,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, statements from sys.host_summary order by statements desc LIMIT 5' +'select host, statements from sys.x\\$host_summary order by statements desc LIMIT 5' ) ) { @@ -3592,7 +3592,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, statement_avg_latency from sys.host_summary order by statement_avg_latency desc LIMIT 5' +'select host, statement_avg_latency from sys.x\\$host_summary order by statement_avg_latency desc LIMIT 5' ) ) { @@ -3607,7 +3607,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, lock_latency from sys.host_summary_by_statement_latency order by lock_latency desc LIMIT 5' +'select host, lock_latency from sys.x\\$host_summary_by_statement_latency order by lock_latency desc LIMIT 5' ) ) { @@ -3622,7 +3622,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, full_scans from sys.host_summary_by_statement_latency order by full_scans desc LIMIT 5' +'select host, full_scans from sys.x\\$host_summary_by_statement_latency order by full_scans desc LIMIT 5' ) ) { @@ -3637,7 +3637,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, rows_sent from sys.host_summary_by_statement_latency order by rows_sent desc LIMIT 5' +'select host, rows_sent from sys.x\\$host_summary_by_statement_latency order by rows_sent desc LIMIT 5' ) ) { @@ -3652,7 +3652,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, rows_affected from sys.host_summary_by_statement_latency order by rows_affected desc LIMIT 5' +'select host, rows_affected from sys.x\\$host_summary_by_statement_latency order by rows_affected desc LIMIT 5' ) ) { @@ -3667,7 +3667,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, file_ios from sys.host_summary order by file_ios desc LIMIT 5' +'select host, file_ios from sys.x\\$host_summary order by file_ios desc LIMIT 5' ) ) { @@ -3682,7 +3682,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, file_io_latency from sys.host_summary order by file_io_latency desc LIMIT 5' +'select host, file_io_latency from sys.x\\$host_summary order by file_io_latency desc LIMIT 5' ) ) { @@ -3697,7 +3697,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select substring(event_name,14), SUM(total)AS total from sys.host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total DESC;' +'use sys;select substring(event_name,14), SUM(total)AS total from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total DESC;' ) ) { @@ -3712,7 +3712,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select substring(event_name,14), format_time(ROUND(SUM(total_latency),1)) AS total_latency from sys.host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total_latency DESC;' +'select substring(event_name,14), ROUND(SUM(total_latency),1) AS total_latency from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total_latency DESC;' ) ) { @@ -3727,7 +3727,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select substring(event_name,14), MAX(max_latency) as max_latency from sys.host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY max_latency DESC;' +'use sys;select substring(event_name,14), MAX(max_latency) as max_latency from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY max_latency DESC;' ) ) { @@ -3742,7 +3742,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select substring(event_name,7), SUM(total)AS total from sys.host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total DESC;' +'use sys;select substring(event_name,7), SUM(total)AS total from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total DESC;' ) ) { @@ -3757,7 +3757,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select substring(event_name,7), format_time(ROUND(SUM(total_latency),1)) AS total_latency from sys.host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total_latency DESC;' +'use sys;select substring(event_name,7), ROUND(SUM(total_latency),1) AS total_latency from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total_latency DESC;' ) ) { @@ -3772,7 +3772,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select substring(event_name,7), MAX(avg_latency) as avg_latency from sys.host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY avg_latency DESC;' +'use sys;select substring(event_name,7), MAX(avg_latency) as avg_latency from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY avg_latency DESC;' ) ) { @@ -3787,7 +3787,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select host, table_scans from sys.host_summary order by table_scans desc LIMIT 5' +'select host, table_scans from sys.x\\$host_summary order by table_scans desc LIMIT 5' ) ) { @@ -3796,13 +3796,12 @@ sub mysqsl_pfs { } infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); - # InnoDB Buffer Pool by schema subheaderprint "Performance schema: InnoDB Buffer Pool by schema"; $nbL = 1; for my $lQuery ( select_array( -'select object_schema, allocated, data, pages from sys.innodb_buffer_stats_by_schema ORDER BY pages DESC' +'select object_schema, allocated, data, pages from sys.x\\$innodb_buffer_stats_by_schema ORDER BY pages DESC' ) ) { @@ -3817,7 +3816,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"select CONCAT(object_schema,CONCAT('.', object_name)), allocated,data, pages from sys.innodb_buffer_stats_by_table ORDER BY pages DESC" +'select object_schema, object_name, allocated,data, pages from sys.x\\$innodb_buffer_stats_by_table ORDER BY pages DESC' ) ) { @@ -3828,11 +3827,11 @@ sub mysqsl_pfs { if ( $nbL == 1 ); # Process per allocated memory - subheaderprint "Performance schema: Process per allocated memory"; + subheaderprint "Performance schema: Process per time"; $nbL = 1; for my $lQuery ( select_array( -"select concat(user,concat('/', IFNULL(Command,'NONE'))) AS PROC, current_memory from sys.processlist ORDER BY current_memory DESC;" +'select user, Command AS PROC, time from sys.x\\$processlist ORDER BY time DESC;' ) ) { @@ -3847,7 +3846,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"use sys;select wait_age_secs, locked_table, locked_type, waiting_query from innodb_lock_waits order by wait_age_secs DESC;" +'select wait_age_secs, locked_table, locked_type, waiting_query from sys.x\\$innodb_lock_waits order by wait_age_secs DESC;' ) ) { @@ -3862,7 +3861,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"use sys;select user, total_latency, max_latency from io_by_thread_by_latency order by total_latency;" +'select user, total_latency, max_latency from sys.x\\$io_by_thread_by_latency order by total_latency DESC;' ) ) { @@ -3877,7 +3876,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select query, avg_latency from sys.statement_analysis order by avg_latency desc LIMIT 5' +'select query, avg_latency from sys.x\\$statement_analysis order by avg_latency desc LIMIT 5' ) ) { @@ -3892,7 +3891,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select query, exec_count from sys.statements_with_runtimes_in_95th_percentile order by exec_count desc LIMIT 5' +'select query, exec_count from sys.x\\$statements_with_runtimes_in_95th_percentile order by exec_count desc LIMIT 5' ) ) { @@ -3907,7 +3906,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select statement, sum(total) as total from host_summary_by_statement_type group by statement order by total desc LIMIT 10;' +'use sys;select statement, sum(total) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' ) ) { @@ -3922,7 +3921,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select statement, sum(total_latency) as total from sys.host_summary_by_statement_type group by statement order by total desc LIMIT 10;' +'use sys;select statement, sum(total_latency) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' ) ) { @@ -3937,7 +3936,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select statement, sum(lock_latency) as total from sys.host_summary_by_statement_type group by statement order by total desc LIMIT 10;' +'use sys;select statement, sum(lock_latency) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' ) ) { @@ -3952,7 +3951,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select statement, sum(full_scans) as total from sys.host_summary_by_statement_type group by statement order by total desc LIMIT 10;' +'use sys;select statement, sum(full_scans) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' ) ) { @@ -3967,7 +3966,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select statement, sum(rows_sent) as total from sys.host_summary_by_statement_type group by statement order by total desc LIMIT 10;' +'use sys;select statement, sum(rows_sent) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' ) ) { @@ -3982,7 +3981,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select statement, sum(rows_affected) as total from sys.host_summary_by_statement_type group by statement order by total desc LIMIT 10;' +'use sys;select statement, sum(rows_affected) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' ) ) { @@ -3997,7 +3996,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( - 'use sys;select query from sys.statements_with_temp_tables LIMIT 20' + 'use sys;select query from sys.x\\$statements_with_temp_tables LIMIT 20' ) ) { @@ -4022,7 +4021,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select * from sys.schema_tables_with_full_table_scans order by rows_full_scanned DESC' +'select * from sys.x\\$schema_tables_with_full_table_scans order by rows_full_scanned DESC' ) ) { @@ -4037,7 +4036,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select thread, file, latency, operation from latest_file_io ORDER BY latency LIMIT 10;' +'use sys;select thread, file, latency, operation from sys.x\\$latest_file_io ORDER BY latency LIMIT 10;' ) ) { @@ -4052,7 +4051,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"use sys;(select file, total_read from io_global_by_file_by_bytes where total_read like '%MiB' order by total_read DESC) UNION (select file, total_read from io_global_by_file_by_bytes where total_read like '%KiB' order by total_read DESC LIMIT 15);" +'select file, total_read from sys.x\\$io_global_by_file_by_bytes order by total_read DESC LIMIT 15;' ) ) { @@ -4067,7 +4066,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"use sys;(select file, total_written from io_global_by_file_by_bytes where total_written like '%MiB' order by total_written DESC) UNION (select file, total_written from io_global_by_file_by_bytes where total_written like '%KiB' order by total_written DESC LIMIT 15);" +'select file, total_written from sys.x\\$io_global_by_file_by_bytes order by total_written DESC LIMIT 15' ) ) { @@ -4082,7 +4081,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select file, total_latency from io_global_by_file_by_latency ORDER BY total_latency DESC LIMIT 20;' +'select file, total_latency from sys.x\\$io_global_by_file_by_latency ORDER BY total_latency DESC LIMIT 20;' ) ) { @@ -4097,7 +4096,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select file, read_latency from io_global_by_file_by_latency ORDER BY read_latency DESC LIMIT 20;' +'use sys;select file, read_latency from sys.x\\$io_global_by_file_by_latency ORDER BY read_latency DESC LIMIT 20;' ) ) { @@ -4112,7 +4111,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select file, write_latency from io_global_by_file_by_latency ORDER BY write_latency DESC LIMIT 20;' +'use sys;select file, write_latency from sys.x\\$io_global_by_file_by_latency ORDER BY write_latency DESC LIMIT 20;' ) ) { @@ -4127,7 +4126,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"use sys;(select event_name, total_read from io_global_by_wait_by_bytes where total_read like '%MiB' order by total_read DESC) UNION (select event_name, total_read from io_global_by_wait_by_bytes where total_read like '%KiB' order by total_read DESC LIMIT 15);" +'select event_name, total_read from sys.x\\$io_global_by_wait_by_bytes order by total_read DESC LIMIT 15;' ) ) { @@ -4142,7 +4141,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -"use sys;(select event_name, total_written from io_global_by_wait_by_bytes where total_written like '%MiB' order by total_written DESC) UNION (select event_name, total_written from io_global_by_wait_by_bytes where total_written like '%KiB' order by total_written DESC LIMIT 15);" +'select event_name, total_written from sys.x\\$io_global_by_wait_by_bytes order by total_written DESC LIMIT 15;' ) ) { @@ -4157,7 +4156,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select event_name, total_latency from io_global_by_wait_by_latency ORDER BY total_latency DESC LIMIT 20;' +'use sys;select event_name, total_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY total_latency DESC LIMIT 20;' ) ) { @@ -4172,7 +4171,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select event_name, read_latency from io_global_by_wait_by_latency ORDER BY read_latency DESC LIMIT 20;' +'use sys;select event_name, read_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY read_latency DESC LIMIT 20;' ) ) { @@ -4187,7 +4186,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select event_name, write_latency from io_global_by_wait_by_latency ORDER BY write_latency DESC LIMIT 20;' +'use sys;select event_name, write_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY write_latency DESC LIMIT 20;' ) ) { @@ -4203,7 +4202,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name,index_name, rows_selected from schema_index_statistics ORDER BY ROWs_selected DESC LIMIT 15;' +'use sys;select table_schema, table_name,index_name, rows_selected from sys.x\\$schema_index_statistics ORDER BY ROWs_selected DESC LIMIT 15;' ) ) { @@ -4218,7 +4217,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name,index_name, rows_inserted+rows_updated+rows_deleted AS changes from schema_index_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' +'use sys;select table_schema, table_name,index_name, rows_inserted+rows_updated+rows_deleted AS changes from sys.x\\$schema_index_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' ) ) { @@ -4233,7 +4232,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name,index_name, select_latency from schema_index_statistics ORDER BY select_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name,index_name, select_latency from sys.x\\$schema_index_statistics ORDER BY select_latency DESC LIMIT 15;' ) ) { @@ -4248,7 +4247,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name,index_name, insert_latency from schema_index_statistics ORDER BY insert_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name,index_name, insert_latency from sys.x\\$schema_index_statistics ORDER BY insert_latency DESC LIMIT 15;' ) ) { @@ -4263,7 +4262,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name,index_name, update_latency from schema_index_statistics ORDER BY update_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name,index_name, update_latency from sys.x\\$schema_index_statistics ORDER BY update_latency DESC LIMIT 15;' ) ) { @@ -4278,7 +4277,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name,index_name, delete_latency from schema_index_statistics ORDER BY delete_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name,index_name, delete_latency from sys.x\\$schema_index_statistics ORDER BY delete_latency DESC LIMIT 15;' ) ) { @@ -4293,7 +4292,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name, rows_fetched from schema_table_statistics ORDER BY ROWs_fetched DESC LIMIT 15;' +'use sys;select table_schema, table_name, rows_fetched from sys.x\\$schema_table_statistics ORDER BY ROWs_fetched DESC LIMIT 15;' ) ) { @@ -4308,7 +4307,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name, rows_inserted+rows_updated+rows_deleted AS changes from schema_table_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' +'use sys;select table_schema, table_name, rows_inserted+rows_updated+rows_deleted AS changes from sys.x\\$schema_table_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' ) ) { @@ -4323,7 +4322,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name, fetch_latency from schema_table_statistics ORDER BY fetch_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name, fetch_latency from sys.x\\$schema_table_statistics ORDER BY fetch_latency DESC LIMIT 15;' ) ) { @@ -4338,7 +4337,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name, insert_latency from schema_table_statistics ORDER BY insert_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name, insert_latency from sys.x\\$schema_table_statistics ORDER BY insert_latency DESC LIMIT 15;' ) ) { @@ -4353,7 +4352,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name, update_latency from schema_table_statistics ORDER BY update_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name, update_latency from sys.x\\$schema_table_statistics ORDER BY update_latency DESC LIMIT 15;' ) ) { @@ -4368,7 +4367,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select table_schema, table_name, delete_latency from schema_table_statistics ORDER BY delete_latency DESC LIMIT 15;' +'use sys;select table_schema, table_name, delete_latency from sys.x\\$schema_table_statistics ORDER BY delete_latency DESC LIMIT 15;' ) ) { @@ -4394,7 +4393,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -' Select table_schema, table_name from sys.schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' +' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' ) ) { @@ -4408,7 +4407,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -' Select table_schema, table_name from sys.schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' +' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' ) ) { @@ -4421,7 +4420,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -' Select table_schema, table_name from sys.schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' +' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' ) ) { @@ -4435,7 +4434,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select table_schema,table_name,innodb_buffer_allocated from sys.schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_allocated DESC LIMIT 15;' +'select table_schema,table_name,innodb_buffer_allocated from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_allocated DESC LIMIT 15;' ) ) { @@ -4449,7 +4448,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select table_schema,table_name,innodb_buffer_free from sys.schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_free DESC LIMIT 15;' +'select table_schema,table_name,innodb_buffer_free from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_free DESC LIMIT 15;' ) ) { @@ -4463,7 +4462,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, exec_count from sys.statement_analysis order by exec_count DESC LIMIT 15;' +'select db, query, exec_count from sys.x\\$statement_analysis order by exec_count DESC LIMIT 15;' ) ) { @@ -4478,7 +4477,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select query, last_seen from sys.statements_with_errors_or_warnings ORDER BY last_seen LIMIT 100;' +'select query, last_seen from sys.x\\$statements_with_errors_or_warnings ORDER BY last_seen LIMIT 100;' ) ) { @@ -4492,7 +4491,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, exec_count from sys.statements_with_full_table_scans order BY exec_count DESC LIMIT 20;' +'select db, query, exec_count from sys.x\\$statements_with_full_table_scans order BY exec_count DESC LIMIT 20;' ) ) { @@ -4506,7 +4505,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, last_seen from sys.statements_with_full_table_scans order BY last_seen DESC LIMIT 50;' +'select db, query, last_seen from sys.x\\$statements_with_full_table_scans order BY last_seen DESC LIMIT 50;' ) ) { @@ -4520,7 +4519,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query , rows_sent from statements_with_runtimes_in_95th_percentile ORDER BY ROWs_sent DESC LIMIT 15;' +'use sys;select db, query , rows_sent from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY ROWs_sent DESC LIMIT 15;' ) ) { @@ -4535,7 +4534,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, rows_examined AS search from statements_with_runtimes_in_95th_percentile ORDER BY rows_examined DESC LIMIT 15;' +'use sys;select db, query, rows_examined AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY rows_examined DESC LIMIT 15;' ) ) { @@ -4550,7 +4549,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, total_latency AS search from statements_with_runtimes_in_95th_percentile ORDER BY total_latency DESC LIMIT 15;' +'use sys;select db, query, total_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY total_latency DESC LIMIT 15;' ) ) { @@ -4565,7 +4564,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, max_latency AS search from statements_with_runtimes_in_95th_percentile ORDER BY max_latency DESC LIMIT 15;' +'use sys;select db, query, max_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY max_latency DESC LIMIT 15;' ) ) { @@ -4580,7 +4579,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, avg_latency AS search from statements_with_runtimes_in_95th_percentile ORDER BY avg_latency DESC LIMIT 15;' +'use sys;select db, query, avg_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY avg_latency DESC LIMIT 15;' ) ) { @@ -4594,7 +4593,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, exec_count from sys.statements_with_sorting order BY exec_count DESC LIMIT 20;' +'select db, query, exec_count from sys.x\\$statements_with_sorting order BY exec_count DESC LIMIT 20;' ) ) { @@ -4608,7 +4607,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, last_seen from sys.statements_with_sorting order BY last_seen DESC LIMIT 50;' +'select db, query, last_seen from sys.x\\$statements_with_sorting order BY last_seen DESC LIMIT 50;' ) ) { @@ -4622,7 +4621,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query , rows_sorted from statements_with_sorting ORDER BY ROWs_sorted DESC LIMIT 15;' +'use sys;select db, query , rows_sorted from sys.x\\$statements_with_sorting ORDER BY ROWs_sorted DESC LIMIT 15;' ) ) { @@ -4636,7 +4635,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, total_latency AS search from statements_with_sorting ORDER BY total_latency DESC LIMIT 15;' +'use sys;select db, query, total_latency AS search from sys.x\\$statements_with_sorting ORDER BY total_latency DESC LIMIT 15;' ) ) { @@ -4650,7 +4649,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, sort_merge_passes AS search from statements_with_sorting ORDER BY sort_merge_passes DESC LIMIT 15;' +'use sys;select db, query, sort_merge_passes AS search from sys.x\\$statements_with_sorting ORDER BY sort_merge_passes DESC LIMIT 15;' ) ) { @@ -4665,7 +4664,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, avg_sort_merges AS search from statements_with_sorting ORDER BY avg_sort_merges DESC LIMIT 15;' +'select db, query, avg_sort_merges AS search from sys.x\\$statements_with_sorting ORDER BY avg_sort_merges DESC LIMIT 15;' ) ) { @@ -4679,7 +4678,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, sorts_using_scans AS search from statements_with_sorting ORDER BY sorts_using_scans DESC LIMIT 15;' +'use sys;select db, query, sorts_using_scans AS search from sys.x\\$statements_with_sorting ORDER BY sorts_using_scans DESC LIMIT 15;' ) ) { @@ -4693,7 +4692,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, sort_using_range AS search from statements_with_sorting ORDER BY sort_using_range DESC LIMIT 15;' +'use sys;select db, query, sort_using_range AS search from sys.x\\$statements_with_sorting ORDER BY sort_using_range DESC LIMIT 15;' ) ) { @@ -4729,7 +4728,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, exec_count from sys.statements_with_temp_tables order BY exec_count DESC LIMIT 20;' +'select db, query, exec_count from sys.x\\$statements_with_temp_tables order BY exec_count DESC LIMIT 20;' ) ) { @@ -4743,7 +4742,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'select db, query, last_seen from sys.statements_with_temp_tables order BY last_seen DESC LIMIT 50;' +'select db, query, last_seen from sys.x\\$statements_with_temp_tables order BY last_seen DESC LIMIT 50;' ) ) { @@ -4758,7 +4757,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, total_latency AS search from statements_with_temp_tables ORDER BY total_latency DESC LIMIT 15;' +'select db, query, total_latency AS search from sys.x\\$statements_with_temp_tables ORDER BY total_latency DESC LIMIT 15;' ) ) { @@ -4772,7 +4771,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select db, query, disk_tmp_tables from statements_with_temp_tables ORDER BY disk_tmp_tables DESC LIMIT 15;' +'use sys;select db, query, disk_tmp_tables from sys.x\\$statements_with_temp_tables ORDER BY disk_tmp_tables DESC LIMIT 15;' ) ) { @@ -4799,7 +4798,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select event_class, total from wait_classes_global_by_latency ORDER BY total DESC LIMIT 15;' +'use sys;select event_class, total from sys.x\\$wait_classes_global_by_latency ORDER BY total DESC LIMIT 15;' ) ) { @@ -4813,7 +4812,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select events, total from waits_global_by_latency ORDER BY total DESC LIMIT 30;' +'use sys;select events, total from sys.x\\$waits_global_by_latency ORDER BY total DESC LIMIT 30;' ) ) { @@ -4827,7 +4826,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select event_class, total_latency from wait_classes_global_by_latency ORDER BY total_latency DESC LIMIT 15;' +'use sys;select event_class, total_latency from sys.x\\$wait_classes_global_by_latency ORDER BY total_latency DESC LIMIT 15;' ) ) { @@ -4841,7 +4840,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select events, total_latency from waits_global_by_latency ORDER BY total_latency DESC LIMIT 30;' +'use sys;select events, total_latency from sys.x\\$waits_global_by_latency ORDER BY total_latency DESC LIMIT 30;' ) ) { @@ -4855,7 +4854,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select event_class, max_latency from wait_classes_global_by_latency ORDER BY max_latency DESC LIMIT 15;' +'select event_class, max_latency from sys.x\\$wait_classes_global_by_latency ORDER BY max_latency DESC LIMIT 15;' ) ) { @@ -4869,7 +4868,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( -'use sys;select events, max_latency from waits_global_by_latency ORDER BY max_latency DESC LIMIT 30;' +'select events, max_latency from sys.x\\$waits_global_by_latency ORDER BY max_latency DESC LIMIT 30;' ) ) { @@ -6200,7 +6199,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.6 - MySQL High Performance Tuning Script + MySQLTuner 1.7.7 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 760adf20b5784e88b32b709a2a74c295122db964 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Fri, 23 Feb 2018 12:34:32 +0100 Subject: [PATCH 087/102] Latest version has a regression with colored outout #371 --- mysqltuner.pl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 78e45d2..bbc2f9b 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -67,6 +67,7 @@ my %opt = ( "noinfo" => 0, "debug" => 0, "nocolor" => ( !-t STDOUT ), + "color" => 0, "forcemem" => 0, "forceswap" => 0, "host" => 0, @@ -120,7 +121,7 @@ GetOptions( 'verbose', 'sysstat', 'password=s', 'pfstat', 'passenv=s', 'userenv=s', - 'defaults-file=s', 'ssl-ca=s' + 'defaults-file=s', 'ssl-ca=s', 'color' ) or pod2usage( -exitval => 1, @@ -199,6 +200,8 @@ open( $fh, '>', $outputfile ) if defined($outputfile); $opt{nocolor} = 1 if defined($outputfile); $opt{nocolor} = 1 unless(-t STDOUT); + +$opt{nocolor} = 0 if ($opt{color} == 1); # Setting up the colors for the print styles my $me = `whoami`; $me =~ s/\n//g; From bca1ad849dcedf7828994980064aa4f76d8998ed Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Fri, 23 Feb 2018 16:42:24 +0100 Subject: [PATCH 088/102] Change year reference --- mysqltuner.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index bbc2f9b..e56bd8b 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,7 +1,7 @@ #!/usr/bin/env perl # mysqltuner.pl - Version 1.7.7 # High Performance MySQL Tuning Script -# Copyright (C) 2006-2017 Major Hayden - major@mhtx.net +# Copyright (C) 2006-2018 Major Hayden - major@mhtx.net # # For the latest updates, please visit http://mysqltuner.com/ # Git repository available at http://github.com/major/MySQLTuner-perl From 1c51f442822a170fb2eaafb088f22c8f4baacd9d Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 5 Mar 2018 09:37:51 +0100 Subject: [PATCH 089/102] New deploy helper script --- build/deployOn | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100755 build/deployOn diff --git a/build/deployOn b/build/deployOn new file mode 100755 index 0000000..05be1cf --- /dev/null +++ b/build/deployOn @@ -0,0 +1,12 @@ +#!/bin/bash +set -xv + +_DIR=$(dirname `readlink -f $0`) + + +ssh $1 mkdir /images/mysqltuner +rsync -avz ${_DIR}/.. $1:/images/mysqltuner + +if [ "$2" = "run" ];then + ssh $1 "su - mysql -c 'cd /images/mysqltuner; perl mysqltuner.pl --verbose'" +fi From f0394b67cc5dbac4afafd7e31dd22099bf331396 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 19 Mar 2018 16:33:04 +0100 Subject: [PATCH 090/102] Issue #373 Fix for password column on MySQL 5.7 --- build/deployOn | 2 +- mysqltuner.pl | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/build/deployOn b/build/deployOn index 05be1cf..29cff83 100755 --- a/build/deployOn +++ b/build/deployOn @@ -8,5 +8,5 @@ ssh $1 mkdir /images/mysqltuner rsync -avz ${_DIR}/.. $1:/images/mysqltuner if [ "$2" = "run" ];then - ssh $1 "su - mysql -c 'cd /images/mysqltuner; perl mysqltuner.pl --verbose'" + ssh $1 "su - mysql -c 'cd /images/mysqltuner; source /opt/mysql/myqenv myserver1;perl mysqltuner.pl --verbose --color'" fi diff --git a/mysqltuner.pl b/mysqltuner.pl index e56bd8b..5ab5a6d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.7 +# mysqltuner.pl - Version 1.7.8 # High Performance MySQL Tuning Script # Copyright (C) 2006-2018 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.7"; +my $tunerversion = "1.7.8"; my ( @adjvars, @generalrec ); # Set defaults @@ -1697,6 +1697,9 @@ sub security_recommendations { $PASS_COLUMN_NAME = "IF(plugin='mysql_native_password', authentication_string, password)"; } + if ( $myvar{'version'} =~ /5\.7/ ) { + $PASS_COLUMN_NAME = "authentication_string"; + } debugprint "Password column = $PASS_COLUMN_NAME"; # Looking for Anonymous users @@ -6202,7 +6205,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.7 - MySQL High Performance Tuning Script + MySQLTuner 1.7.8 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From ff2a47e4618326ede36ca8553981ac7c66ad36fd Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 19 Mar 2018 16:34:41 +0100 Subject: [PATCH 091/102] Issue #373 Fix for password column on MySQL 5.7 --- mysqltuner.pl | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 5ab5a6d..8d6bc0a 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.8 +# mysqltuner.pl - Version 1.7.7 # High Performance MySQL Tuning Script # Copyright (C) 2006-2018 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.8"; +my $tunerversion = "1.7.7"; my ( @adjvars, @generalrec ); # Set defaults @@ -1695,10 +1695,7 @@ sub security_recommendations { my $PASS_COLUMN_NAME = 'password'; if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { $PASS_COLUMN_NAME = - "IF(plugin='mysql_native_password', authentication_string, password)"; - } - if ( $myvar{'version'} =~ /5\.7/ ) { - $PASS_COLUMN_NAME = "authentication_string"; + "IF(plugin='mysql_native_password', authentication_string, 'password')"; } debugprint "Password column = $PASS_COLUMN_NAME"; @@ -6205,7 +6202,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.8 - MySQL High Performance Tuning Script + MySQLTuner 1.7.7 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 586b1c7547c8c7eecc4db5be4abcfd4b99e75564 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Mon, 19 Mar 2018 17:01:22 +0100 Subject: [PATCH 092/102] Update INTERNALS.md --- INTERNALS.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/INTERNALS.md b/INTERNALS.md index 67daa0a..1e53f12 100644 --- a/INTERNALS.md +++ b/INTERNALS.md @@ -197,8 +197,13 @@ * Is server replication configured as slave ? * SQL replication thread running ? * IO replication thread running ? -* Replication lag in seconds +* Replication lag in seconds (Seconds_behind_master) * Is Slave configured in read only ? +* replication type ROW, MIX, STMT +* replication Semisync master +* replication Semisync slave +* XA support activated +* replication started ? ## MySQLTuner InnoDB information From 031f741296a2d2f17ab12fcb2f4948a5ac3e1f18 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 19 Mar 2018 17:08:12 +0100 Subject: [PATCH 093/102] Some information about replication --- mysqltuner.pl | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 8d6bc0a..268ad3f 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1843,15 +1843,19 @@ sub get_replication_status { . scalar( keys %myslaves ) . " server(s)."; } - + infoprint "Binlog format: ". $myvar{'binlog_format'}; + infoprint "XA support enabled: ". $myvar{'innodb_support_xa'}; + infoprint "Semi synchronous replication Master: ". $myvar{'rpl_semi_sync_master_enabled'}; + infoprint "Semi synchronous replication Slave: ". $myvar{'rpl_semi_sync_slave_enabled'}; if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { - infoprint "This is a standalone server."; + infoprint "This is a standalone server"; return; } if ( scalar( keys %myrepl ) == 0 ) { - infoprint "No replication setup for this server."; + infoprint "No replication setup for this server or replication not started."; return; } + $result{'Replication'}{'status'} = \%myrepl; my ($io_running) = $myrepl{'Slave_IO_Running'}; debugprint "IO RUNNING: $io_running "; From de1bd2015eadca5f36929519e503c2e075ec2452 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Mon, 19 Mar 2018 17:17:11 +0100 Subject: [PATCH 094/102] update staff --- USAGE.md | 2 +- mysqltuner.pl | 57 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 36 insertions(+), 23 deletions(-) diff --git a/USAGE.md b/USAGE.md index 6ec0b55..6f3a348 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.6 - MySQL High Performance Tuning Script + MySQLTuner 1.7.7 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES diff --git a/mysqltuner.pl b/mysqltuner.pl index 268ad3f..31cc38c 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -121,7 +121,8 @@ GetOptions( 'verbose', 'sysstat', 'password=s', 'pfstat', 'passenv=s', 'userenv=s', - 'defaults-file=s', 'ssl-ca=s', 'color' + 'defaults-file=s', 'ssl-ca=s', + 'color' ) or pod2usage( -exitval => 1, @@ -199,9 +200,10 @@ open( $fh, '>', $outputfile ) or die("Fail opening $outputfile") if defined($outputfile); $opt{nocolor} = 1 if defined($outputfile); -$opt{nocolor} = 1 unless(-t STDOUT); +$opt{nocolor} = 1 unless ( -t STDOUT ); + +$opt{nocolor} = 0 if ( $opt{color} == 1 ); -$opt{nocolor} = 0 if ($opt{color} == 1); # Setting up the colors for the print styles my $me = `whoami`; $me =~ s/\n//g; @@ -1695,7 +1697,7 @@ sub security_recommendations { my $PASS_COLUMN_NAME = 'password'; if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { $PASS_COLUMN_NAME = - "IF(plugin='mysql_native_password', authentication_string, 'password')"; +"IF(plugin='mysql_native_password', authentication_string, 'password')"; } debugprint "Password column = $PASS_COLUMN_NAME"; @@ -1843,16 +1845,19 @@ sub get_replication_status { . scalar( keys %myslaves ) . " server(s)."; } - infoprint "Binlog format: ". $myvar{'binlog_format'}; - infoprint "XA support enabled: ". $myvar{'innodb_support_xa'}; - infoprint "Semi synchronous replication Master: ". $myvar{'rpl_semi_sync_master_enabled'}; - infoprint "Semi synchronous replication Slave: ". $myvar{'rpl_semi_sync_slave_enabled'}; + infoprint "Binlog format: " . $myvar{'binlog_format'}; + infoprint "XA support enabled: " . $myvar{'innodb_support_xa'}; + infoprint "Semi synchronous replication Master: " + . $myvar{'rpl_semi_sync_master_enabled'}; + infoprint "Semi synchronous replication Slave: " + . $myvar{'rpl_semi_sync_slave_enabled'}; if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { infoprint "This is a standalone server"; return; } if ( scalar( keys %myrepl ) == 0 ) { - infoprint "No replication setup for this server or replication not started."; + infoprint + "No replication setup for this server or replication not started."; return; } @@ -1919,11 +1924,11 @@ sub mysql_version_eq { my ( $maj, $min, $mic ) = @_; $min ||= 0; $mic ||= 0; - return - ( int($mysqlvermajor) == int($maj) - && int($mysqlverminor) == int($min) - && int($mysqlvermicro) == int($mic) ); + return ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) + && int($mysqlvermicro) == int($mic) ); } + # Checks if MySQL version is greater than equal to (major, minor, micro) sub mysql_version_ge { my ( $maj, $min, $mic ) = @_; @@ -3083,9 +3088,15 @@ sub mysql_stats { "Read this before increasing " . $table_cache_var . " over 64: http://bit.ly/1mi7c4C" ); - push( @generalrec, "This is MyISAM only table_cache scalability problem, InnoDB not affected."); - push ( @generalrec, "See more details here: https://bugs.mysql.com/bug.php?id=49177"); - push ( @generalrec, "This bug already fixed in MySQL 5.7.9 and newer MySQL versions."); + push( @generalrec, +"This is MyISAM only table_cache scalability problem, InnoDB not affected." + ); + push( @generalrec, + "See more details here: https://bugs.mysql.com/bug.php?id=49177" + ); + push( @generalrec, +"This bug already fixed in MySQL 5.7.9 and newer MySQL versions." + ); push( @generalrec, "Beware that open_files_limit (" . $myvar{'open_files_limit'} @@ -3407,12 +3418,12 @@ sub mysqsl_pfs { debugprint "Performance schema is " . $myvar{'performance_schema'}; infoprint "Memory used by P_S: " . hr_bytes( get_pf_memory() ); - if ( mysql_version_eq(10, 0) ) { - push( @generalrec, + if ( mysql_version_eq( 10, 0 ) ) { + push( @generalrec, "Performance shouldn't be activated for MariaDB 10.0 for performance issue" - ); - push( @adjvars, "performance_schema = OFF disable PFS" ); - return; + ); + push( @adjvars, "performance_schema = OFF disable PFS" ); + return; } unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { infoprint "Sys schema isn't installed."; @@ -3803,6 +3814,7 @@ sub mysqsl_pfs { } infoprint "No information found or indicators deactivated." if ( $nbL == 1 ); + # InnoDB Buffer Pool by schema subheaderprint "Performance schema: InnoDB Buffer Pool by schema"; $nbL = 1; @@ -4003,7 +4015,7 @@ sub mysqsl_pfs { $nbL = 1; for my $lQuery ( select_array( - 'use sys;select query from sys.x\\$statements_with_temp_tables LIMIT 20' +'use sys;select query from sys.x\\$statements_with_temp_tables LIMIT 20' ) ) { @@ -6159,6 +6171,7 @@ validate_tuner_version; # Check last version mysql_setup; # Gotta login first debugprint "MySQL FINAL Client : $mysqlcmd $mysqllogin"; debugprint "MySQL Admin FINAL Client : $mysqladmincmd $mysqllogin"; + #exit(0); os_setup; # Set up some OS variables get_all_vars; # Toss variables/status into hashes From 3551d0d28e257c800000b20148f80d9f47eb6778 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Tue, 20 Mar 2018 08:53:15 +0100 Subject: [PATCH 095/102] Avoid use of uninitialized value --- mysqltuner.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 31cc38c..4b85a4d 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1848,9 +1848,9 @@ sub get_replication_status { infoprint "Binlog format: " . $myvar{'binlog_format'}; infoprint "XA support enabled: " . $myvar{'innodb_support_xa'}; infoprint "Semi synchronous replication Master: " - . $myvar{'rpl_semi_sync_master_enabled'}; + . defined($myvar{'rpl_semi_sync_master_enabled'})?$myvar{'rpl_semi_sync_master_enabled'}:'Not Activated'; infoprint "Semi synchronous replication Slave: " - . $myvar{'rpl_semi_sync_slave_enabled'}; + . defined($myvar{'rpl_semi_sync_slave_enabled'})?$myvar{'rpl_semi_sync_slave_enabled'}:'Not Activated'; if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { infoprint "This is a standalone server"; return; From 7ae81143b99bd7c9dbde7e6890c10c24da17d8e6 Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Tue, 27 Mar 2018 12:33:31 +0000 Subject: [PATCH 096/102] Removing error from Use of uninitialized value $engine in concatenation (.) or string #350 --- mysqltuner.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 4b85a4d..0dafe34 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.7 +# mysqltuner.pl - Version 1.7.8 # High Performance MySQL Tuning Script # Copyright (C) 2006-2018 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.7"; +my $tunerversion = "1.7.8"; my ( @adjvars, @generalrec ); # Set defaults @@ -1848,9 +1848,9 @@ sub get_replication_status { infoprint "Binlog format: " . $myvar{'binlog_format'}; infoprint "XA support enabled: " . $myvar{'innodb_support_xa'}; infoprint "Semi synchronous replication Master: " - . defined($myvar{'rpl_semi_sync_master_enabled'})?$myvar{'rpl_semi_sync_master_enabled'}:'Not Activated'; + . (defined($myvar{'rpl_semi_sync_master_enabled'})?$myvar{'rpl_semi_sync_master_enabled'}:'Not Activated'); infoprint "Semi synchronous replication Slave: " - . defined($myvar{'rpl_semi_sync_slave_enabled'})?$myvar{'rpl_semi_sync_slave_enabled'}:'Not Activated'; + . (defined($myvar{'rpl_semi_sync_slave_enabled'})?$myvar{'rpl_semi_sync_slave_enabled'}:'Not Activated'); if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { infoprint "This is a standalone server"; return; @@ -6219,7 +6219,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.7 - MySQL High Performance Tuning Script + MySQLTuner 1.7.8 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 9cf48b52e012784a5f053a62cd7fcd73a74f43d0 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Fri, 30 Mar 2018 15:44:40 +0200 Subject: [PATCH 097/102] Clean up staff --- USAGE.md | 2 +- mysqltuner.pl | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/USAGE.md b/USAGE.md index 6f3a348..28a077d 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.7 - MySQL High Performance Tuning Script + MySQLTuner 1.7.8 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES diff --git a/mysqltuner.pl b/mysqltuner.pl index 0dafe34..441883e 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1848,9 +1848,15 @@ sub get_replication_status { infoprint "Binlog format: " . $myvar{'binlog_format'}; infoprint "XA support enabled: " . $myvar{'innodb_support_xa'}; infoprint "Semi synchronous replication Master: " - . (defined($myvar{'rpl_semi_sync_master_enabled'})?$myvar{'rpl_semi_sync_master_enabled'}:'Not Activated'); + . ( + defined( $myvar{'rpl_semi_sync_master_enabled'} ) + ? $myvar{'rpl_semi_sync_master_enabled'} + : 'Not Activated' ); infoprint "Semi synchronous replication Slave: " - . (defined($myvar{'rpl_semi_sync_slave_enabled'})?$myvar{'rpl_semi_sync_slave_enabled'}:'Not Activated'); + . ( + defined( $myvar{'rpl_semi_sync_slave_enabled'} ) + ? $myvar{'rpl_semi_sync_slave_enabled'} + : 'Not Activated' ); if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { infoprint "This is a standalone server"; return; From b9721ef91bae5fd6e13fa6a584cf1959b7aaa42a Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 4 Apr 2018 15:17:57 +0200 Subject: [PATCH 098/102] MySQL enterprise: Column recommandations #375 --- mysqltuner.pl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/mysqltuner.pl b/mysqltuner.pl index 441883e..2bb7c09 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.8 +# mysqltuner.pl - Version 1.7.9 # High Performance MySQL Tuning Script # Copyright (C) 2006-2018 Major Hayden - major@mhtx.net # @@ -56,7 +56,7 @@ $Data::Dumper::Pair = " : "; #use Env; # Set up a few variables for use in the script -my $tunerversion = "1.7.8"; +my $tunerversion = "1.7.9"; my ( @adjvars, @generalrec ); # Set defaults @@ -1002,6 +1002,7 @@ sub select_str_g { my $req = shift; my $str = select_one_g $pattern, $req; + return () unless defined $str; my @val = split /:/, $str; shift @val; return trim(@val); @@ -6225,7 +6226,7 @@ __END__ =head1 NAME - MySQLTuner 1.7.8 - MySQL High Performance Tuning Script + MySQLTuner 1.7.9 - MySQL High Performance Tuning Script =head1 IMPORTANT USAGE GUIDELINES From 61cdd6c0d0cfe12036364471a21405490537c812 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Wed, 4 Apr 2018 15:20:27 +0200 Subject: [PATCH 099/102] Trim sub with emtpy string display error #376 --- mysqltuner.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/mysqltuner.pl b/mysqltuner.pl index 2bb7c09..22ec64c 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -5059,6 +5059,7 @@ sub mariadb_connect { # Perl trim function to remove whitespace from the start and end of the string sub trim { my $string = shift; + return "" unless defined($string); $string =~ s/^\s+//; $string =~ s/\s+$//; return $string; From 54f97e5e15920986798cf11290ae9ad5ca7c36de Mon Sep 17 00:00:00 2001 From: Jean-Marie Renouard Date: Wed, 4 Apr 2018 16:04:44 +0200 Subject: [PATCH 100/102] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index db5e21b..b02b723 100644 --- a/README.md +++ b/README.md @@ -34,8 +34,11 @@ Compatibility: * MySQL 5.7 (full support) * MySQL 5.6 (full support) * MySQL 5.5 (full support) +* MariaDB 10.3 (full support) +* MariaDB 10.2 (full support) * MariaDB 10.1 (full support) * MariaDB 10.0 (full support) +* Percona Server 5.7 (full support) * Percona Server 5.6 (full support) * Percona XtraDB cluster (full support) * MySQL 3.23, 4.0, 4.1, 5.0, 5.1 (partial support - deprecated version) From 1b68fd55a39cbb935510de5fd3b0543d259e4ffb Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 26 Apr 2018 14:15:59 +0200 Subject: [PATCH 101/102] Update staff --- USAGE.md | 2 +- mysqltuner.pl | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/USAGE.md b/USAGE.md index 28a077d..ed9e858 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,6 +1,6 @@ # NAME - MySQLTuner 1.7.8 - MySQL High Performance Tuning Script + MySQLTuner 1.7.9 - MySQL High Performance Tuning Script # IMPORTANT USAGE GUIDELINES diff --git a/mysqltuner.pl b/mysqltuner.pl index 22ec64c..be2f5ba 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1852,12 +1852,14 @@ sub get_replication_status { . ( defined( $myvar{'rpl_semi_sync_master_enabled'} ) ? $myvar{'rpl_semi_sync_master_enabled'} - : 'Not Activated' ); + : 'Not Activated' + ); infoprint "Semi synchronous replication Slave: " . ( defined( $myvar{'rpl_semi_sync_slave_enabled'} ) ? $myvar{'rpl_semi_sync_slave_enabled'} - : 'Not Activated' ); + : 'Not Activated' + ); if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { infoprint "This is a standalone server"; return; @@ -5904,8 +5906,11 @@ sub mysql_tables { my $optimal_type = select_str_g( "Optimal_fieldtype", "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)" ); - - if ( $current_type ne $optimal_type ) { + if ( not defined($optimal_type) or $optimal_type eq '' ) { + infoprint " Current Fieldtype: $current_type"; + infoprint " Optimal Fieldtype: Not available"; + } + elsif ( $current_type ne $optimal_type ) { infoprint " Current Fieldtype: $current_type"; infoprint " Optimal Fieldtype: $optimal_type"; badprint From 613d4bb814582439c7ee643b8f355b52278758e5 Mon Sep 17 00:00:00 2001 From: Jean-Marie RENOUARD Date: Thu, 26 Apr 2018 14:27:33 +0200 Subject: [PATCH 102/102] New vulnerabilities list --- build/updateCVElist.pl | 2 +- vulnerabilities.csv | 273 ++++++++++++++++++++++++----------------- 2 files changed, 164 insertions(+), 111 deletions(-) diff --git a/build/updateCVElist.pl b/build/updateCVElist.pl index 093c6a2..1c2d21b 100644 --- a/build/updateCVElist.pl +++ b/build/updateCVElist.pl @@ -5,7 +5,7 @@ use WWW::Mechanize::GZip; use File::Util; use Data::Dumper; use List::MoreUtils qw(uniq); -my $verbose; +my $verbose=1; sub AUTOLOAD { use vars qw($AUTOLOAD); my $cmd = $AUTOLOAD; diff --git a/vulnerabilities.csv b/vulnerabilities.csv index 7319417..6efefed 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -542,10 +542,10 @@ 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; @@ -569,9 +569,9 @@ 5.7.19;5;7;19;CVE-2017-10167;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101433 | URL:http://www.securityfocus.com/bid/101433 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.6.37;5;6;37;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.19;5;7;19;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.6.37;5;6;37;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.19;5;7;19;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.6.36;5;6;36;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; @@ -579,8 +579,8 @@ 5.6.37;5;6;37;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.19;5;7;19;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-10284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101385 | URL:http://www.securityfocus.com/bid/101385 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.6.37;5;6;37;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.19;5;7;19;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-10296;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101373 | URL:http://www.securityfocus.com/bid/101373 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; @@ -590,42 +590,42 @@ 5.7.19;5;7;19;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.19;5;7;19;CVE-2017-10320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101410 | URL:http://www.securityfocus.com/bid/101410 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-10365;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101429 | URL:http://www.securityfocus.com/bid/101429 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; 10.1.29;10;1;29;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; 10.2.9;10;2;9;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; 5.6.36;5;6;36;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; 5.0.-1;5;0;-1;CVE-2017-16540;Candidate;"OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.";"MISC:http://www.open-emr.org/wiki/index.php/OpenEMR_Patches | MISC:https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html | BID:101983 | URL:http://www.securityfocus.com/bid/101983";Assigned (20171104);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95538 | URL:http://www.securityfocus.com/bid/95538 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95538 | URL:http://www.securityfocus.com/bid/95538 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95482 | URL:http://www.securityfocus.com/bid/95482 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95486 | URL:http://www.securityfocus.com/bid/95486 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; @@ -634,24 +634,24 @@ 3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95479 | URL:http://www.securityfocus.com/bid/95479 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95470 | URL:http://www.securityfocus.com/bid/95470 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; @@ -662,14 +662,14 @@ 5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; @@ -683,9 +683,9 @@ 5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; @@ -699,15 +699,15 @@ 5.7.18;5;7;18;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.36;5;6;36;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3637;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99748 | URL:http://www.securityfocus.com/bid/99748 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3638;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99778 | URL:http://www.securityfocus.com/bid/99778 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3639;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99753 | URL:http://www.securityfocus.com/bid/99753 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99765 | URL:http://www.securityfocus.com/bid/99765 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3642;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99779 | URL:http://www.securityfocus.com/bid/99779 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3643;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99772 | URL:http://www.securityfocus.com/bid/99772 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3644;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99775 | URL:http://www.securityfocus.com/bid/99775 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; @@ -727,45 +727,98 @@ 5.5.56;5;5;56;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.6.36;5;6;36;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; 5.7.18;5;7;18;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2565;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102712 | URL:http://www.securityfocus.com/bid/102712 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2576;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102695 | URL:http://www.securityfocus.com/bid/102695 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2586;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102700 | URL:http://www.securityfocus.com/bid/102700 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102696 | URL:http://www.securityfocus.com/bid/102696 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102703 | URL:http://www.securityfocus.com/bid/102703 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2667;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102685 | URL:http://www.securityfocus.com/bid/102685 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2565;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102712 | URL:http://www.securityfocus.com/bid/102712 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2576;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102695 | URL:http://www.securityfocus.com/bid/102695 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2586;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102700 | URL:http://www.securityfocus.com/bid/102700 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102696 | URL:http://www.securityfocus.com/bid/102696 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102703 | URL:http://www.securityfocus.com/bid/102703 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2667;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102685 | URL:http://www.securityfocus.com/bid/102685 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103802 | URL:http://www.securityfocus.com/bid/103802 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103802 | URL:http://www.securityfocus.com/bid/103802 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2759;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103780 | URL:http://www.securityfocus.com/bid/103780 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2762;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103794 | URL:http://www.securityfocus.com/bid/103794 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103805 | URL:http://www.securityfocus.com/bid/103805 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103805 | URL:http://www.securityfocus.com/bid/103805 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2769;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103876 | URL:http://www.securityfocus.com/bid/103876 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2775;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103777 | URL:http://www.securityfocus.com/bid/103777 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2776;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103791 | URL:http://www.securityfocus.com/bid/103791 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2777;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103781 | URL:http://www.securityfocus.com/bid/103781 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2778;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103785 | URL:http://www.securityfocus.com/bid/103785 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2779;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103787 | URL:http://www.securityfocus.com/bid/103787 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2780;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103778 | URL:http://www.securityfocus.com/bid/103778 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103799 | URL:http://www.securityfocus.com/bid/103799 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103799 | URL:http://www.securityfocus.com/bid/103799 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103801 | URL:http://www.securityfocus.com/bid/103801 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103801 | URL:http://www.securityfocus.com/bid/103801 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2786;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103779 | URL:http://www.securityfocus.com/bid/103779 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103804 | URL:http://www.securityfocus.com/bid/103804 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103804 | URL:http://www.securityfocus.com/bid/103804 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | BID:103831 | URL:http://www.securityfocus.com/bid/103831 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2810;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103783 | URL:http://www.securityfocus.com/bid/103783 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2812;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103836 | URL:http://www.securityfocus.com/bid/103836 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2816;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103789 | URL:http://www.securityfocus.com/bid/103789 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2839;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103845 | URL:http://www.securityfocus.com/bid/103845 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2846;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | BID:103790 | URL:http://www.securityfocus.com/bid/103790 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)";